Raccoon Infostealer Operator

In a significant development in the fight against cybercrime, Ukrainian national Mark Sokolovsky, 28, has been extradited to the United States from the Netherlands to face charges related to his alleged involvement with the Raccoon Infostealer malware.

This extradition marks a critical step in addressing the substantial impact of Raccoon Infostealer’s cybercrimes and highlights the international cooperation necessary to combat such threats.


The Extradition Process

Sokolovsky’s extradition followed a U.S. grand jury indictment for fraud, money laundering, and aggravated identity theft.

His arrest by Dutch authorities in March 2022 was part of a coordinated effort with the FBI and law enforcement partners in Italy and the Netherlands, which also saw the dismantling of the digital infrastructure supporting Raccoon Infostealer.


The extradition process involved substantial international collaboration, with the U.S. Department of Justice working closely with foreign partners to secure Sokolovsky’s transfer to American soil. This case underscores the global nature of cybercrime and the necessity for cross-border legal cooperation to bring perpetrators to justice.

Raccoon Infostealer, a malware-as-a-service (MaaS), has profoundly impacted cybersecurity worldwide. For approximately $200 per month, cybercriminals could lease access to the malware, which they used to infect victims’ computers through deceptive tactics like email phishing.

The malware harvested personal data, including login credentials, financial information, and other sensitive records. This stolen information was either used to commit financial crimes or sold on cybercrime forums.

The FBI has identified over 50 million unique credentials and forms of identification stolen by Raccoon Infostealer, indicating the vast scale of the operation. The stolen data includes over four million email addresses, among other personal identifiers.

The U.S. government has set up a website for individuals to check if their email addresses are among the compromised data, emphasizing the widespread impact of this cybercrime operation.

Background of Raccoon Infostealer

First observed in April 2019, the Raccoon Infostealer quickly became a popular and effective tool among cybercriminals due to its simplicity and low cost.

The malware targeted a wide range of data, including saved browser passwords, credit card information, and cryptocurrency wallets. It was designed to infect both 32-bit and 64-bit Windows-based systems. It has been reported as able to obtain data otherwise protected by TLS under certain conditions; as with other infostealers, this means reading the data on the infected host (for example, from the browser's local credential stores) rather than breaking the encryption itself.
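The credential stores named above (browser password and card databases, cryptocurrency wallet files) are what a stealer like Raccoon sweeps from disk, and that sweep is also what a defender can look for. The following is an added detection example, not code from the article or from Raccoon itself: it runs a simple heuristic over file-access events such as Sysmon Event ID 11 or an EDR file-read feed. The store paths, the per-store allowlist of legitimate reader processes, and the sample events are all assumptions constructed for the example.

```python
"""Flag processes that read several kinds of credential store in one run.

Added example (not Raccoon's code and not from the article). An infostealer
typically sweeps browser passwords, card data and wallet files together, so
a non-browser, non-wallet process touching two or more of those store types
is a strong signal; a single stray read is treated as noise.
"""
import fnmatch
from collections import defaultdict

# Credential stores the article lists as Raccoon targets. Patterns are
# Windows paths as they appear in a file-access log; the exact locations
# are assumptions for this example, not an exhaustive list.
SENSITIVE_STORES = {
    "browser_passwords": [
        "*\\Google\\Chrome\\User Data\\*\\Login Data",
        "*\\Microsoft\\Edge\\User Data\\*\\Login Data",
        "*\\Mozilla\\Firefox\\Profiles\\*\\logins.json",
    ],
    "browser_cards": [
        "*\\Google\\Chrome\\User Data\\*\\Web Data",
        "*\\Microsoft\\Edge\\User Data\\*\\Web Data",
    ],
    "crypto_wallets": [
        "*\\Exodus\\exodus.wallet\\*",
        "*\\Electrum\\wallets\\*",
        "*\\Ethereum\\keystore\\*",
    ],
}

# Processes that legitimately open each store type (assumed allowlist).
LEGIT_READERS = {
    "browser_passwords": {"chrome.exe", "msedge.exe", "firefox.exe"},
    "browser_cards": {"chrome.exe", "msedge.exe"},
    "crypto_wallets": {"Exodus.exe", "electrum.exe", "geth.exe"},
}


def classify_path(path):
    """Return the store category a path belongs to, or None if it is not
    a credential store. fnmatch treats backslashes literally, so Windows
    paths can be matched directly; '*' is allowed to span directories."""
    for category, patterns in SENSITIVE_STORES.items():
        if any(fnmatch.fnmatchcase(path, p) for p in patterns):
            return category
    return None


def find_suspicious(events, min_categories=2):
    """events: iterable of (process_image, target_path) tuples.

    Returns {process_image: sorted list of categories} for every process
    that is not on the allowlist for a store and touched at least
    `min_categories` distinct store types."""
    touched = defaultdict(set)
    for proc, path in events:
        category = classify_path(path)
        if category is None:
            continue
        if proc in LEGIT_READERS[category]:
            continue
        touched[proc].add(category)
    return {p: sorted(c) for p, c in touched.items() if len(c) >= min_categories}


# Constructed sample events for the example, not real telemetry.
SAMPLE_EVENTS = [
    ("chrome.exe", "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    ("update.exe", "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    ("update.exe", "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"),
    ("update.exe", "C:\\Users\\alice\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"),
    ("update.exe", "C:\\Users\\alice\\Documents\\notes.txt"),
    ("backup.exe", "C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json"),
]

if __name__ == "__main__":
    for proc, categories in find_suspicious(SAMPLE_EVENTS).items():
        print(f"{proc}: read {', '.join(categories)}")
```

On the sample events only `update.exe` is flagged: it reads passwords, card data and a wallet file while not being any of those applications. `backup.exe` touches a single store and stays below the threshold, which is the trade-off to tune in a real deployment; legitimate backup agents are the usual source of false positives for this kind of rule.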

Some versions of Raccoon would halt if the target's system language was set to Russian, Ukrainian, or other languages from the region, a locale check commonly built into malware sold on Russian-language forums to avoid infecting systems in the operators' own countries.

The operators announced a shutdown in March 2022, citing the war in Ukraine, a date that coincides with Sokolovsky's arrest. Raccoon returned in June 2022 as an updated version, illustrating that arrests and infrastructure takedowns interrupt but rarely end a malware-as-a-service operation.

The extradition of Mark Sokolovsky is a testament to international law enforcement agencies’ relentless pursuit of cybercriminals.

The Raccoon Infostealer case highlights the importance of global cooperation in the digital age, where cyber threats know no borders.

As the legal proceedings against Sokolovsky continue, the cybersecurity community remains vigilant, and the public is urged to take proactive measures to protect their digital identities.


Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.