US charges Ukrainian national over alleged role in Raccoon Infostealer malware operation • TechCrunch


U.S. officials have charged a Ukrainian national over his alleged role in the Raccoon Infostealer malware-as-a-service operation that infected thousands and thousands of computers worldwide.

Mark Sokolovsky, also known online as “raccoonstealer” according to an indictment unsealed on Tuesday, is currently being held in the Netherlands while waiting to be extradited to the United States.

The U.S. Department of Justice accused Sokolovsky of being one of the “key directors” of the Raccoon Infostealer, a form of Windows malware that steals passwords, bank card numbers, saved username and password combinations, and granular location data.

Raccoon Infostealer was leased to individuals for about $200 per month, the DOJ said, which was paid to the malware’s operators in cryptocurrency, usually Bitcoin. These individuals employed various tactics, such as COVID-19-themed phishing emails and malicious web pages, to install the malware onto the computers of unsuspecting victims. The malware then stole personal data from their computers, including login credentials, checking account details, cryptocurrency addresses, and other personal information, which were used to commit financial crimes or sold to others on cybercrime forums.

An example of one of the phishing emails sent by the crime group. Image Credits: U.S. Justice Department.

According to U.S. officials, the malware stole more than 50 million unique credentials and forms of identification from victims around the world since February 2019. These victims include a financial technology company based in Texas and an individual who had access to U.S. Military information systems, according to the unsealed indictment. Cybersecurity firm Group-IB said the malware may have been used to steal employee credentials during the recent Uber breach.

But the DOJ said it “doesn’t believe it’s in possession of all the data stolen by Raccoon Infostealer and continues to investigate.”

The Justice Department said it worked with European law enforcement to dismantle the IT infrastructure powering Raccoon Infostealer in March 2022, when Dutch authorities arrested Sokolovsky. According to one report, the malware operation claimed it was suspending its operations after one of its lead developers was allegedly killed during Russia’s invasion of Ukraine. A new version of Raccoon Infostealer was reportedly launched in June this year.

The FBI also announced on Tuesday that it has created a website that allows anyone to check if their data is contained in the U.S. government’s archive of information stolen by Raccoon Infostealer.

“This case highlights the importance of the worldwide cooperation that the Department of Justice and our partners use to dismantle modern cyber threats,” said Deputy Attorney General Lisa O. Monaco. “As reflected in the number of potential victims and global breadth of this attack, cyber threats don’t respect borders, which makes worldwide cooperation all the more crucial. I urge anybody who thinks they might be a victim to follow the FBI’s guidance on how to report your potential exposure.”

Sokolovsky is charged with computer fraud, wire fraud, money laundering, and identity theft and faces up to 20 years in prison if found guilty. The DOJ said Sokolovsky is appealing a September 2022 decision by the Amsterdam District Court granting his extradition to the United States.


