Feds say Ukrainian man working malware service amassed 50 million distinctive credentials | Honor Tech

Federal prosecutors charged a 26-year-old Ukrainian citizen with working a malware service liable for stealing delicate knowledge from greater than 2 million individuals worldwide.

Prosecutors in Texas mentioned Tuesday that Mark Sokolovsky, 26, of Ukraine helped run “Raccoon,” an information-stealing program that labored on a mannequin referred to as MaaS, quick for malware as a service. In trade for round $200 per thirty days in cryptocurrency, Sokolovsky and others behind Raccoon supplied clients with malware, digital infrastructure, and technical help. Clients would then use the service to contaminate targets with the malware, which might surreptitiously harvest credentials for financial institution and electronic mail accounts, bank cards, cryptocurrency wallets, and different personal info.

First noticed in April 2019, Raccoon was capable of extract delicate knowledge from a variety of functions, together with 29 standalone Chromium-based browsers, Mozilla-based functions, and cryptocurrency wallets from Exodus and Jaxx. Written in C++, the malware also can take screenshots. As soon as Raccoon has extracted all knowledge from an contaminated machine, it uninstalls itself and removes all traces of itself.

An indictment unsealed Tuesday mentioned greater than 2 million victims had private knowledge stolen by Raccoon. To this point, prosecutors mentioned they’ve recovered greater than 50 million distinctive credentials and types of identification taken within the operation and imagine there’s extra stolen knowledge that has but to be discovered.

Prosecutors wrote:

By means of numerous investigative steps, the FBI has collected stolen knowledge from many computer systems that cybercriminals contaminated with Raccoon Infostealer. Whereas an actual quantity has but to be verified, FBI brokers have recognized greater than 50 million distinctive credentials and types of identification (electronic mail addresses, financial institution accounts, cryptocurrency addresses, bank card numbers, and so on.) on knowledge stolen from what seems to be hundreds of thousands of potential victims world wide. The credentials seem to incorporate greater than 4 million electronic mail addresses. America doesn’t imagine it’s in possession of all the info stolen by Raccoon Infostealer and continues to research.

The FBI created an internet site that permits individuals to find out if their knowledge was amongst these recovered to this point. The location, raccoon.ic3.gov, permits guests to enter the e-mail handle of an account they management. If the handle is included within the recovered knowledge, the FBI will ship an electronic mail to the handle notifying the customer of the theft. Officers encourage individuals who imagine they’re victims to finish the report type utilizing this web page operated by the Web Crime Reporting Heart.

The unsealed indictment listed quite a lot of particular actions Sokolovsky allegedly took to assist function the Raccoon service. These actions included acquiring the transport layer safety certificates utilizing one of many internet domains internet hosting Raccoon, working accounts promoting Raccoon on on-line boards, and making a Git-based supply code repository account to reinforce and modify the Raccoon code.

On the identical time that Dutch authorities arrested Sokolovsky final March, the FBI and regulation enforcement companions within the Netherlands and Italy dismantled the Raccoon Infostealer infrastructure and took the prevailing model of the malware offline.

Prosecutors charged Sokolovsky with one rely of conspiracy to commit pc fraud and computer-related exercise; one rely of conspiracy to commit wire fraud; one rely of conspiracy to commit cash laundering; and one rely of aggravated id theft. If convicted, Sokolovsky faces a most sentence of 20 years in jail for the crimes of wire fraud and cash laundering, 5 years for the cost of conspiracy to commit pc fraud, and a consecutive obligatory time period of two years for the crime of theft. aggravated id.

The defendant is at present detained within the Netherlands pursuant to an extradition request from US authorities. In September, an Amsterdam court docket granted the extradition request. Sokolovsky stays in Amsterdam whereas that call is on attraction.