On October 7, 2024, Ukrainian national Mark Sokolovsky, 28, pleaded guilty in federal court to conspiracy to commit computer intrusion, admitting his role in the notorious Raccoon Infostealer cybercrime operation, according to the U.S. Attorney's Office for the Western District of Texas. His crime? Operating the Raccoon Infostealer, a malware-as-a-service (MaaS) platform that allowed cybercriminals to rent the malware for as little as $75 per week or $200 per month, enabling even those with limited technical skills to execute significant attacks.
Raccoon Infostealer is a sophisticated piece of malware designed to steal sensitive information from infected devices. This includes browser credentials, cryptocurrency wallets, credit card details, email data, and other personal information from dozens of applications. Through sophisticated phishing schemes, Sokolovsky and his co-conspirators tricked victims into unknowingly installing the Raccoon malware, which gave the operators access to sensitive personal data that was then sold or used to commit financial crimes.
Originally developed by Russian-speaking programmers, Raccoon Stealer was first promoted on Russian hacking forums. Over time, its promotion expanded to English-speaking forums, and the malware targeted both 32-bit and 64-bit systems. By the time the malware's operation was uncovered, experts estimated that over 100,000 users worldwide had fallen victim to it.
Raccoon Infostealer first surfaced in 2018, with Mark Sokolovsky identified as one of its key administrators. In March 2022, the FBI dealt a major blow by dismantling the infrastructure behind the malware and seizing a large cache of stolen data. In an effort to help victims, the FBI created a website where individuals can check whether their data appears in the Raccoon-related archive of stolen information.
However, the operation didn’t end there. Just months after the takedown, cybersecurity researchers from Sekoia discovered signs of a new version of Raccoon Stealer circulating online. Operators of the malware had vowed their return on Russian-language hacking forums in March 2022, and by May, Raccoon Stealer v2 was actively being sold on Telegram and various hacking forums. Within weeks, its administration panel started appearing in searches on the Shodan search engine, marking the resurgence of this dangerous tool.
Cybercriminals are constantly evolving, and even dismantled operations can come back stronger in new forms. The updated version of the malware continued to target applications like cryptocurrency wallets (Electrum, Ethereum, Monero) and major browsers such as Firefox, Google Chrome, and Edge. Law enforcement uncovered over 50 million unique credentials, including email addresses, bank accounts, and credit card details, stolen from millions of victims.
Sokolovsky was extradited to the U.S. in early 2024 after facing charges of fraud, money laundering, and identity theft. As part of his plea deal, he agreed to forfeit $24,000 and pay $910,000 in restitution, a fraction of the damage caused by his cybercriminal enterprise. The case was handled by the FBI’s Austin Cyber Task Force, with U.S. Attorney Jaime Esparza announcing the guilty plea.