Ukrainian pleads guilty to running Raccoon Infostealer malware, agrees to pay nearly $1 million

A Ukrainian national pleaded guilty in U.S. federal court Monday to operating the Raccoon Infostealer malware, according to a statement from the Department of Justice.

Mark Sokolovsky, 28, agreed to forfeit nearly $24,000 and pay at least $910,844 in restitution as part of the plea deal.

Sokolovsky was previously accused of being one of the “key administrators” of the malicious software that infects computers and steals personal information, including email addresses, identification numbers, bank account details and cryptocurrency information.

Raccoon Infostealer was sold as malware-as-a-service for approximately $200 per month, paid in cryptocurrency. The information stolen through this malware was both used to commit financial crimes and sold to others on cybercrime forums, according to the DOJ.

In March 2022, the FBI, in cooperation with law enforcement agencies in Italy and the Netherlands, dismantled the digital infrastructure supporting Raccoon Infostealer, taking it offline.

However, last April, Raccoon malware operators announced their return, introducing features that make it easier and more convenient to use while also being harder to detect.

Sokolovsky was arrested in the Netherlands and extradited to the U.S. in February 2024. Following his arrest, the FBI collected data stolen from many computers that had been infected with Raccoon malware.

Law enforcement has identified more than 50 million unique credentials and forms of identification, including email addresses, bank accounts, cryptocurrency addresses and credit card numbers in the data stolen by Raccoon Infostealer from millions of victims worldwide.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
