A Ukrainian national believed to be one of the “key operators” of Racoon Stealer, a popular malware-as-a-service platform, will be extradited from the Netherlands to the US to face charges related to computer fraud, wire fraud, and money laundering. Mark Sokolovsky, 26 was arrested in the Netherlands in March this year and was known online as raccoonstealer, Photix, and b1ack21jack77777.
The Raccoon Stealer trojan is thought to have infected millions of computers around the globe since 2019, resulting in the collection of what the FBI believes to be at least 50 million unique credentials, including over those to over four million email addresses. The malware, usually delivered through phishing campaigns and exploit kits, is also capable of collecting credit card data, browser autofill data, cryptocurrency seed phrases and just about anything stored in as many as 60 different applications.
Sokolovsky showing off a wad of cash presumably from Raccoon Stealer subscription proceeds. Source: US Dept. of Justice
Raccoon Stealer operated as a Telegram bot and charged customers around $75 a week or $200 a month – payable in cryptocurrency – for access to the platform, which was regularly updated and used by those seeking to sell stolen credentials on darknet markets or forums on the dark web. It was highly popular and successful due to its ease of use and accessibility.
The operators of Raccoon Stealer temporarily suspended operations in March – coinciding around the date of Sokolovsky’s arrest – announcing on the Raid hacking forum that one of their core developers had been killed in the Russian conflict with Ukraine. By late June, the service was back in operation, although it operated differently and in what was described to be a less secure manner, which rendered its trojan easier for antivirus programs to detect and mitigate.
Example of data extracted from computer by Raccoon Stealer malware. Source: US Dept. of Justice
If convicted, Sokolovsky faces a 20-year sentence for the wire fraud and money laundering charges, five years for the computer fraud charge, and a mandatory consecutive term of two years for the identity theft charge.