U.S. officials have charged a Ukrainian national over his alleged role in the Raccoon Infostealer malware-as-a-service operation that infected millions of computers worldwide.
Mark Sokolovsky — also known online as “raccoonstealer,” according to an indictment unsealed on Tuesday — is currently being held in the Netherlands while waiting to be extradited to the United States.
The U.S. Department of Justice accused Sokolovsky of being one of the “key administrators” of the Raccoon Infostealer, a form of Windows malware that steals passwords, credit card numbers, saved username and password combinations, and granular location data.
Raccoon Infostealer was leased to individuals for approximately $200 per month, the DOJ said, which was paid to the malware’s operators in cryptocurrency, typically Bitcoin. These individuals employed various tactics, such as COVID-19-themed phishing emails and malicious web pages, to install the malware onto the computers of unsuspecting victims. The malware then stole personal data from their computers, including login credentials, bank account details, cryptocurrency addresses, and other personal information, which were used to commit financial crimes or sold to others on cybercrime forums.
According to U.S. officials, the malware stole more than 50 million unique credentials and forms of identification from victims around the world since February 2019. These victims include a financial technology company based in Texas and an individual who had access to U.S. Army information systems, according to the unsealed indictment. Cybersecurity firm Group-IB said the malware may have been used to steal employee credentials during the recent Uber breach.
But the DOJ said it “does not believe it is in possession of all the data stolen by Raccoon Infostealer and continues to investigate.”
The Justice Department said it worked with European law enforcement to dismantle the IT infrastructure powering Raccoon Infostealer in March 2022, when Dutch authorities arrested Sokolovsky. According to one report, the malware…