US Authorities Announced the Arrest of a Ukrainian Who Developed Raccoon Malware

The US Department of Justice reports on charges brought against 26-year-old Ukrainian citizen Mark Sokolovsky, who is associated with the development of the Raccoon malware (aka Raccoon Infostealer, RaccoonStealer). Sokolovsky is currently in the Netherlands, where he is awaiting extradition.

We also reported that Interpol Announced the Arrest of Members of the Black Ax Group.

Let me remind you that Raccoon is a malware-as-a-service (MaaS) stealer that is very popular among criminals. It steals passwords, cookies, autofill data and bank card details saved in browsers and in numerous other applications, targets a wide range of cryptocurrency wallets, and can take screenshots of the victim's desktop.

In March of this year, a Raccoon representative announced on hacker forums that the group had ceased its activities because, according to him, "a friend and excellent developer" responsible for maintaining critical parts of the malware infrastructure had died at the start of the war in Ukraine. Apparently this referred to Sokolovsky (known under the nicknames raccoonstealer, Photix and black21jack77777), who, as it has now turned out, did not die but was arrested in the Netherlands at the request of the FBI and therefore stopped communicating.

I note that a few months after this announcement, Raccoon resumed operations: in June the malware returned in a new version rewritten from scratch in C/C++, with a new backend, a new interface, and new data theft capabilities.

As the Department of Justice now reports, the FBI, together with the Dutch and Italian authorities, seized the Raccoon servers, effectively shutting down the old version of the malware. Law enforcement states that the servers held about 50,000,000 unique credentials and other data (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, and so on), stolen from the browsers and applications of victims whose machines were infected with Raccoon.

Authorities say this is not all of the credentials stolen in the Raccoon attacks. Nevertheless, the entire recovered data set has already been made searchable through a dedicated site so that users and companies can check whether they were infected with this malware in the past.

Sokolovsky is charged with conspiracy to commit computer fraud and related activity, conspiracy to commit wire fraud, conspiracy to commit money laundering, and aggravated identity theft.

It is reported that on September 13, 2022, the Amsterdam District Court ruled that the accused should be extradited to the United States, but Sokolovsky has appealed this decision.

If found guilty, Sokolovsky faces up to 20 years in prison for wire fraud and money laundering, five years for conspiracy to commit computer fraud, and two years in prison for aggravated identity theft.
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
