A Ukrainian national was extradited to the United States from the Netherlands after being indicted for crimes related to fraud, money laundering, and aggravated identity theft.
According to court documents, Mark Sokolovsky conspired to operate the Raccoon Infostealer as a malware-as-a-service or “MaaS.” Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid for by cryptocurrency. These individuals used various ruses, such as email phishing, to install the malware onto the computers of unsuspecting victims.
Raccoon Infostealer then stole personal data from victims’ computers, including login credentials, financial information, and other personal records. The stolen information was used to commit financial crimes or was sold to others on cybercrime forums.
In March 2022, concurrent with Sokolovsky’s arrest by Dutch authorities, the FBI and law enforcement partners in Italy and the Netherlands dismantled the digital infrastructure supporting the Raccoon Infostealer, taking its then-existing version offline.
Sokolovsky is charged with one count of conspiracy to commit fraud and related activity in connection with computers; one count of conspiracy to commit wire fraud; one count of conspiracy to commit money laundering; and one count of aggravated identity theft. He made his initial court appearance on Feb. 9 and is being held in custody pending trial.
Through various investigative steps, the FBI has collected data stolen from many computers that cybercriminals infected with Raccoon Infostealer, including more than 50 million unique credentials and forms of identification. The United States does not believe it has all the data stolen by Raccoon Infostealer and continues to investigate.
The FBI has created a website where anyone can input their email address to determine whether it is contained within the U.S. government’s repository of Raccoon Infostealer stolen data. Victims of the Raccoon Infostealer can find more information at Victim Assistance – Raccoon Infostealer.