26 October 2022

**Ukrainian charged with malware scheme that infected millions worldwide**

Sokolovsky (also known online as raccoonstealer, Photix, and black21jack77777, according to the unsealed indictment) was arrested in March 2022 and is currently jailed in the Netherlands while waiting to be extradited to the United States. . .According to court documents, Sokolovsky was charged on Nov. 21 of last year. In late August, the United States formally requested Sokolovsky be extradited, with the Amsterdam District Court granting his removal on Sept. 13.

✓  Investigators have identified more than 50 million unique pieces of information — including credit card and bank account numbers — that they say were stolen with the program. Prosecutors say they have yet to uncover the full scope of the operation.

The FBI has set up a website where people can check whether they may have been a victim of a Racoon attack: raccoon.ic3.gov.

IN BRIEF 



www.mykxlg.com

Ukrainian man charged in US with 'Raccoon' malware scheme

AP
1 - 2 minutes

SAN ANTONIO (AP) — U.S. prosecutors say a Ukrainian man has been arrested on federal cybercrime charges in an alleged scheme that for years used malware to steal information from millions of people around the world. An indictment unsealed this month charges Mark Sokolovsky with renting a program know as Raccoon Infostealer, which others used to steal personal information and financial data from more than 2 million people. Prosecutors say Sokolovsky was arrested by authorities in the Netherlands in March. The 26-year-old is appealing to stop his extradition to Texas for trial. Court records do not list an attorney for him.

 

www.bleepingcomputer.com

Ukrainian charged for operating Raccoon Stealer malware service

Sergiu Gatlan
7 - 9 minutes

Raccoon

26-year-old Ukrainian national Mark Sokolovsky has been charged for involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation.

Raccoon Stealer is an information-stealing trojan distributed under the MaaS (malware-as-a-service) model that threat actors can rent for $75/week or $200/month.

Subscribers also get access to the admin panel that lets them customize the malware, retrieve the stolen data (also known as logs), and create new malware builds.

 

Raccoon Stealer is very popular since it steals a wide range of information from infected devices, such as stored browser credentials and information, credit cards, cryptocurrency wallets, email data, and various other types of sensitive data from numerous applications.

Sokolovsky (also known online as raccoonstealer, Photix, and black21jack77777, according to the unsealed indictment) was arrested in March 2022 and is currently jailed in the Netherlands while waiting to be extradited to the United States.

While Dutch authorities arrested the defendant, the FBI and law enforcement partners in the Netherlands and Italy dismantled Raccoon Infostealer's infrastructure and took down the malware's existing version offline.

Around the time of the arrest, BleepingComputer reported that the Raccoon Stealer cybercrime group suspended its operations after claiming on Russian-speaking hacking forums that one of its lead developers was killed during the invasion of Ukraine.

Since then, the Raccoon Stealer operation has been relaunched in early June with the release of a new version, built from scratch using C/C++ and featuring a new back-end, front-end, as well as new data theft capabilities.

Raccoon Stealer 2.0 panel
Raccoon Stealer 2.0 panel (@3xp0rtblog)

​Since March, the FBI has been collecting some of the data stolen by cybercriminals using the Raccoon Stealer malware from infected computers.

"While an exact number has yet to be verified, FBI agents have identified more than 50 million unique credentials and forms of identification (email addresses, bank accounts, cryptocurrency addresses, credit card numbers, etc.) in the stolen data from what appears to be millions of potential victims around the world," the Department of Justice said in a press release today.

"The credentials appear to include over four million email addresses. The United States does not believe it is in possession of all the data stolen by Raccoon Infostealer and continues to investigate."

The FBI has also created a website that allows anyone to check if their data is contained in the U.S. government's archive of Raccoon Infostealer stolen information.

Those who had their data stolen will receive a confirmation email with additional info, resources, and links at the address they provided when searching the U.S. government's Raccoon Infostealer Disclosure portal.

"Please note that Raccoon Infostealer may have compromised other personal data such as financial information without stealing an email address," the portal further explains."

No comments: