26-year-old Ukrainian national Mark Sokolovsky has been charged for involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation.
Raccoon Stealer is an information-stealing trojan distributed under the MaaS (malware-as-a-service) model that threat actors can rent for $75/week or $200/month.
Subscribers also get access to the admin panel that lets them customize the malware, retrieve the stolen data (also known as logs), and create new malware builds.
Raccoon Stealer is very popular since it steals a wide range of information from infected devices, such as stored browser credentials and information, credit cards, cryptocurrency wallets, email data, and various other types of sensitive data from numerous applications.
Sokolovsky (also known online as raccoonstealer, Photix, and black21jack77777, according to the unsealed indictment) was arrested in March 2022 and is currently jailed in the Netherlands while waiting to be extradited to the United States.
While Dutch authorities arrested the defendant, the FBI and law enforcement partners in the Netherlands and Italy dismantled Raccoon Infostealer’s infrastructure and took down the malware’s existing version offline.
Around the time of the arrest, BleepingComputer reported that the Raccoon Stealer cybercrime group suspended its operations after claiming on Russian-speaking hacking forums that one of its lead developers was killed during the invasion of Ukraine.
Since then, the Raccoon Stealer operation has been relaunched in early June with the release of a new version, built from scratch using C/C++ and featuring a new back-end, front-end, as well as new data theft capabilities.
Since March, the FBI has been collecting some of the data stolen by cybercriminals using the Raccoon Stealer malware from infected computers.
“While an exact number has yet to be verified, FBI agents have identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) in the stolen data from what appears to be millions of potential victims around the world,” the Department of Justice said in a press release today.
“The credentials appear to include over four million email addresses. The United States does not believe it is in possession of all the data stolen by Raccoon Infostealer and continues to investigate.”
The FBI has also created a website that allows anyone to check if their data is contained in the U.S. government’s archive of Raccoon Infostealer stolen information.
Those who had their data stolen will receive a confirmation email with additional info, resources, and links at the address they provided when searching the U.S. government’s Raccoon Infostealer Disclosure portal.
“Please note that Raccoon Infostealer may have compromised other personal data such as financial information without stealing an email address,” the portal further explains.