Feds say Ukrainian man running malware service amassed 50M unique credentials


Federal prosecutors have charged a 26-year-old Ukrainian national with operating a malware service that was responsible for stealing sensitive data from more than 2 million people around the world.

Prosecutors in Texas said on Tuesday that Mark Sokolovsky, 26, of Ukraine helped operate “Raccoon,” an information stealer program that worked using a model known as MaaS, short for malware-as-a-service. In exchange for about $200 per month in cryptocurrency, Sokolovsky and others behind Raccoon supplied customers with the malware, digital infrastructure, and technical support. Customers would then use the service to infect targets with the malware, which would surreptitiously harvest credentials for email and bank accounts, credit cards, cryptocurrency wallets, and other private information.

First seen in April 2019, Raccoon was able to extract sensitive data from a wide range of applications, including 29 separate Chromium-based browsers, Mozilla-based apps, and cryptocurrency wallets from Exodus and Jaxx. Written in C++, the malware can also take screenshots. Once Raccoon has extracted all data from an infected machine, it uninstalls and deletes all traces of itself.

An indictment unsealed on Tuesday said more than 2 million victims had personal data stolen through Raccoon. To date, prosecutors said they’ve recovered more than 50 million unique credentials and forms of identification taken in the operation and believe there’s more stolen data that has yet to be discovered.

Prosecutors wrote:

Through various investigative steps, the FBI has collected data stolen from many computers that cyber criminals infected with Raccoon Infostealer. While an exact number has yet to be verified, FBI agents have identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) in the stolen data from what appears to be millions of potential victims around the world. The credentials appear to include over 4 million email addresses. The United States doesn’t believe it’s in possession of all the data stolen by Raccoon Infostealer and continues to investigate.

The FBI created a website that allows people to determine if their data was among that recovered so far. The site, raccoon.ic3.gov, allows visitors to enter the email address of an account they control. If the address is included in the recovered data, the FBI will send the address an email notifying the visitor of the theft. Officials are encouraging people who believe they’re victims to complete the complaint form using this page operated by the Internet Crime Complaint Center.


The unsealed indictment listed a number of specific actions Sokolovsky allegedly carried out to help operate the Raccoon service. Those actions included obtaining transport layer security certificates using one of the web domains that hosted Raccoon, operating accounts that advertised Raccoon on online forums, and creating a Git-based source code repository account for use in improving and modifying the Raccoon code.

At the same time that Dutch authorities arrested Sokolovsky last March, the FBI and law enforcement partners in the Netherlands and Italy dismantled Raccoon Infostealer’s infrastructure and took the malware’s existing version offline.

Prosecutors charged Sokolovsky with one count of conspiracy to commit computer fraud and related activity in connection with computers; one count of conspiracy to commit wire fraud; one count of conspiracy to commit money laundering; and one count of aggravated identity theft. If convicted, Sokolovsky faces a maximum penalty of 20 years in prison for the wire fraud and money laundering offenses, 5 years for the conspiracy to commit computer fraud charge, and a mandatory consecutive two-year term for the aggravated identity theft offense.

The defendant is currently being detained in the Netherlands pursuant to an extradition request by US authorities. In September, a court in Amsterdam granted the extradition request. Sokolovsky remains in Amsterdam while that decision is on appeal.

