Ukrainian Behind Raccoon Stealer Operations Extradited to US – Source: www.databreachtoday.com

Cybercrime
,
Fraud Management & Cybercrime

Mark Sokolovsky Has Fought Extradition From the Netherlands Since March 2022 Arrest

Mihir Bagwe (MihirBagwe) •
February 16, 2024    

A Dutch court extradited a Ukrainian national to the United States, where he faces criminal charges related to his role in the malware-as-a-service Raccoon info stealer.

See Also: Live Webinar | Securing the Cloud: Mitigating Vulnerabilities for Government

The extradition of Mark Sokolovsky, 28, comes nearly two years after Netherlands police arrested him in March 2022 at the behest of U.S. authorities. Federal prosecutors accused Sokolovsky of setting up the technical infrastructure used to sell the info stealer and of contributing to improving its code. A grand jury indicted him for conspiracy to commit fraud, wire fraud, money laundering and one count of aggravated identity theft.

Raccoon, which first emerged in 2019, is one of about two dozen malware-as-a-service info stealers available online, generally for $200 to $300 a month. Others include Redline, Vidar and Agent Tesla. Their operators advertise on dark web forums and have grown their malware in sophistication to steal not just payment card data stored in browsers but cookie sessions and logon credentials, according to a 2023 presentation at an annual FIRST conference by an analyst with threat intelligence firm S2W. Advanced versions can grab data from browser plug-ins, such as second-factor authentication codes and VPN credentials.

Orange España, Spain’s second-largest mobile provider, earlier this year suffered a connectivity outage that lasted several hours, after an attacker changed the company’s internet routing settings. The attacker gained to the settings by infecting an employee computer with Raccoon Stealer, cybersecurity firm HudsonRock said.

Sokolovsky’s arrest was timed with an international law enforcement operation that dismantled the infrastructure supporting Raccoon at the time (see: US Indicts Ukrainian for Role in Raccoon Malware Scheme).

FBI agents identified more than 50 million unique credentials and forms of identification, such as bank accounts and cryptocurrency addresses, that had been siphoned by Raccoon users. The future of Raccoon Stealer became uncertain following Sokolovsky’s arrest, but his co-conspirators made a comeback last year with an updated version of the malware.

Version 2.3.0 of the malware introduced new functionality, such as improved search of stolen data sets, automatic bot blocking and evasion of IP addresses used by security practitioners to monitor Raccoon traffic, Cyberint found.

Raccoon is written in C++, meaning it can compromise all three major operating systems: Windows, MacOS and Linux, researchers at Quorum Cyber said.

Notable Raccoon victims last year included eight Indian government entities, including the central paramilitary forces and the tax agency, reported the Indian Express.

Sokolovsky made a court appearance on Feb. 9 and is being held in custody pending trial.