Mark Sokolovsky, a Ukrainian national, has been sentenced to five years in prison for his role in running the Raccoon Stealer malware operation, a scheme that enabled cybercrime on a massive scale.
Using aliases like “raccoon-stealer” and “Photix,” Sokolovsky and his team rented out the malware through a subscription model, charging $75 per week or $200 per month. This made it easy for criminals worldwide to access a powerful tool for stealing sensitive information.
Once installed on a victim’s device, Raccoon Stealer would harvest everything from login credentials and cryptocurrency wallets to credit card details and email accounts. It targeted data from dozens of apps, leaving victims exposed to fraud, identity theft, and financial loss.
Sokolovsky was arrested in the Netherlands in March 2022, while the FBI worked with Dutch and Italian authorities to take the malware offline by dismantling its infrastructure. Around the same time, the group behind Raccoon Stealer announced a pause in operations, claiming one of their developers had died during the war in Ukraine. However, the malware reappeared later with even more advanced capabilities.
After being extradited to the U.S. in February 2024, Sokolovsky faced charges of fraud, money laundering, and identity theft. He pleaded guilty in 2023 and agreed to pay over $910,000 in restitution.
“Mark Sokolovsky was a central figure in an international cybercrime conspiracy that victimized millions,” said U.S. Attorney Jaime Esparza. “His operation lowered the bar for committing complex cybercrimes, making them accessible even to amateurs.”
FBI Special Agent Aaron Tapp added, “Raccoon Stealer compromised over 52 million user credentials, fueling further fraud and ransomware attacks across the globe.”
