US Authorities Announced the Arrest of a Ukrainian Who Developed Raccoon Malware

The US Department of Justice reports on charges brought against 26-year-old Ukrainian citizen Mark Sokolovsky, who is associated with the development of the Raccoon malware (aka Raccoon Infostealer, RaccoonStealer). Sokolovsky is currently in the Netherlands, where he is awaiting extradition.

Let me remind you that Raccoon is a very popular among criminals MaaS stealer that steals passwords, cookies, autofill data, bank cards saved in browsers from numerous applications, and also attacks a wide range of cryptocurrency wallets and is able to take screenshots of the victim’s desktop.

In March of this year, a Raccoon representative announced on hacker forums that the group had ceased its activities, since, according to him, “a friend and excellent developer” who was responsible for maintaining critical parts of the malware infrastructure died during the start of the war in Ukraine. Apparently, it was about Sokolovsky (known under the nicknames raccoonstealer, Photix and black21jack77777), who did not die, as it turned out now, but was arrested in the Netherlands at the request of the FBI and therefore stopped communicating.

I note that a few months after this announcement of the termination of work, Raccoon was restarted: in June, the malware returned in a new version created from scratch using C / C ++, a new backend, interface, and new data theft capabilities.

As the Department of Justice now reports, the FBI, together with the Dutch and Italian authorities, managed to take over the Raccoon servers, effectively shutting down the old version of the malware. Law enforcers write that about 50,000,000 unique credentials and other data (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, and so on) were found on the servers, stolen from the browsers and applications of victims whose machines were infected with Raccoon.

Authorities say this is not all of the credentials stolen in the Raccoon attacks. However, the entire data set has already been made searchable through a dedicated site so that users and companies can understand if they have been infected with this malware in the past.

Sokolovsky is charged with conspiracy to commit computer fraud and related activities; in conspiracy to commit fraud using electronic means of communication; in conspiracy to launder money; aggravated identity theft.

It is reported that the Amsterdam District Court issued a decision to extradite the accused to the United States on September 13, 2022, but Sokolovsky appealed this decision.