Ukrainian charged with involvement in Raccoon Stealer malware service

October 26, 2022

Mark Sokolovsky has been charged for his part in the Raccoon Stealer malware-as-a-service (MaaS) operation.

The 26-year-old Ukrainian, also known as raccoonstealer, Photix and black21jack77777, was arrested in March 2022 and is now in prison in the Netherlands while awaiting extradition to the United States.

Sokolovsky was arrested by Dutch authorities in collaboration with the FBI and law enforcement partners in the Netherlands and Italy. Together, they managed to dismantle the infrastructure of Raccoon Infostealer and take the existing version of the malware offline.

The FBI was able to collect some of the data stolen by criminals from infected computers using the Raccoon Stealer malware.

“While an exact number has yet to be verified, FBI agents have identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) in the stolen data from what appears to be millions of potential victims around the world. The credentials appear to include over four million email addresses. The United States does not believe it is in possession of all the data stolen by Raccoon Infostealer and continues to investigate,” the Department of Justice said.

After the arrest of Sokolovsky, the Raccoon Stealer Group ceased operations, claiming that one of its leading developers had been killed during the invasion of Ukraine. However, in early June, the group resumed operations with the release of a new version built from scratch using C/C++. The new operation also includes a new back end, a new front end and new data theft capabilities.

The sources for this piece include an article in BleepingComputer.


Jim Love

Jim is an author and podcast host with over 40 years in technology.
