An American court has filed charges against a 26-year-old Ukrainian national for his alleged involvement in the Raccoon Stealer malware-as-a-service (MaaS) enterprise.

On March 4, 2022, Mark Sokolovsky allegedly left Ukraine in a Porsche Cayenne. He was apprehended by Dutch law enforcement and is presently being imprisoned in the Netherlands while he is extradited to the United States.

The U.S. Department of Justice (DoJ) stated that those who used Raccoon Infostealer to steal data from victims “leased access to the malware for approximately $200 per month, paid for via cryptocurrencies.” These individuals installed the malware on the PCs of unknowing victims using a variety of tricks, including email phishing.

Also read, Organizations in Poland and Ukraine are affected by the new “Prestige” malware.

Sokolovsky is alleged to have used a variety of online aliases to market the service for sale on online cybercrime forums. These include Photix, raccoonstealer, and black21jack77777.

Because of its numerous capabilities and the flexibility to be customized by the malware, Raccoon Stealer. That is primarily spread under the guise of cracked software, is one of the most common information thieves.

The threat actors behind the operation, which has been ongoing since April 2019, abruptly stopped working on it in March, blaming the loss of a key member due to a “special operation.”

The brief closure was caused by Sokolovsky’s arrest and the subsequent demolition of the malware’s infrastructure by Italian and Dutch authorities. Contrary to what was initially believed to be the death of a coder in the Russo-Ukrainian War, according to court records.

However, as of June 2022, the second version of Raccoon Stealer coded in C/C++ has started to circulate on dark forums, with its creators praising the tool’s usability.

The Final Words

It will not be difficult for a child to learn how to handle logs with its assistance. The cybercrime gang wrote in a message released on its Telegram channel in May.

The malware is thought to have made it possible for 50 million unique credentials and forms of identification. These include email addresses, bank account numbers, cryptocurrency addresses, and credit card numbers to be stolen from millions of victims worldwide, according to the U.S. Federal Bureau of Investigation (FBI).

Also read Ukraine-Targeting Malware Indicators Revealed By US Cyber Command

The FBI created the website raccoon.ic3[.]gov to allow individuals to see if their email addresses appear in the Raccoon Stealer data. Because it is claimed that the credentials include over four million email addresses.

Sokolovsky is accused of one count each of conspiracy to commit wire fraud, and conspiracy to commit money laundering. Conspiracy to commit computer fraud, and one count each of conspiracy to commit aggravated identity theft.

If found guilty, the defendant faces a potential sentence of 20 years in prison for the money laundering and wire fraud charges. Five years in prison for the allegation of conspiring to commit computer fraud. And a required consecutive two-year sentence for the offense of aggravated identity theft.

According to U.S. Attorney Ashley C. Hoff, “This type of malware supports the cybercrime ecosystem, gathering important information. And enables cybercriminals to steal from innocent Americans and nationals around the world.”

Reference