A Ukrainian national, Mark Sokolovsky, has pleaded guilty in a federal court in Austin, Texas, to one count of conspiracy to commit computer intrusion.
According to court documents, Sokolovsky, 28, played a central role in operating the Raccoon Infostealer, a malware-as-a-service (MaaS) platform that facilitated the theft of sensitive data from unsuspecting victims. For just $200 a month, paid in cryptocurrency, cybercriminals could lease access to the Raccoon Infostealer, which gave them the tools they needed to infiltrate computers and steal valuable information such as login credentials, financial records, and other personal data.
The malware was typically deployed via phishing campaigns, where victims were tricked into downloading the malicious software onto their systems. Once installed, Raccoon Infostealer quietly siphoned off critical data, which was then used to commit financial crimes or sold on dark web forums. As Jaime Esparza, U.S. Attorney for the Western District of Texas, stated in the announcement, “The stolen information was often traded or sold to others on cybercrime forums.”
The widespread use of Raccoon Infostealer underscores the evolving nature of cybercrime, with MaaS platforms making sophisticated tools readily available to even low-level cybercriminals.
The arrest of Sokolovsky in March 2022 by Dutch authorities, in collaboration with the FBI and law enforcement agencies in Italy and the Netherlands, led to the dismantling of Raccoon Infostealer’s infrastructure. “In a coordinated takedown, the FBI and its partners took the then-active version of the malware offline,” noted court documents, effectively ending its operation—at least temporarily.
Following his extradition to the U.S. from the Netherlands in February 2024, Sokolovsky faced multiple charges, including conspiracy to commit computer intrusion, fraud, money laundering, and aggravated identity theft. As part of his plea, Sokolovsky agreed to a forfeiture of $23,975 and restitution of at least $910,844.61, acknowledging the significant financial harm caused by the criminal enterprise.
To address the vast number of individuals affected by the Raccoon Infostealer malware, the FBI launched a dedicated portal where people can check if their email address was compromised.