U.S. prosecutors unveiled a Ukrainian man’s bounty of 50 million unique credentials in one extraordinary malware scheme. Tap or click here for steps to remove malware from your phone or computer.
Mark Sokolovsky allegedly sold his malware as a service (MaaS) to countless cybercriminals on the Dark Web. It’s been active since 2018 and was used to steal credentials from more than 2 million people globally.
Read on for details on this dangerous malware variant and a way to find out if your credentials were stolen.
Here’s the backstory
Authorities claim that Mark Sokolovsky was at the helm of one of the largest data-collection conquests in recent memory.
Raccoon Infostealer, a brand of malware that Sokolovsky is an administrator of, is used to farm personal and corporate devices for login credentials, credit card numbers and more.
Other criminals could lease this nefarious software for around $200 monthly, usually paid in cryptocurrency. After paying for the malware, it could be delivered through various phishing schemes, malicious web pages, messages, emails and more.
Once your device is infected with malware, your personal data is as good as the criminals.
Sokolovsky was arrested earlier this year in the Netherlands. Charges include four related counts of criminal activity, including conspiracy to commit computer and wire fraud.
Victims of Raccoon Infostealer hail from around the world. Things are so bad that the FBI has created a free online tool to see if your credentials were stolen in this elaborate scheme.
The tool is simple to use. Just enter your email address in the provided search block on the portal and then click Submit.
You will receive an email if the address you provided shows up in the Racoon Infostealer data possessed by law enforcement. The confirmation email supplies additional information, resources and links.
If you do not receive an email, the address you provided does not show up in the Raccoon Infostealer data available to date.
Tips for keeping your data safe
Malware like this is commonly spread through phishing attacks. That’s why it’s best to know how to spot them and fight back before it’s too late.
Here are some ways to avoid falling victim:
- Safeguard your information — Never give out personal data if you don’t know the sender of a text or email or can’t verify their identity. Criminals only need your name, email address and telephone number to rip you off.
- Always use 2FA — Use two-factor authentication (2FA) for better security whenever available. Tap or click here for details on 2FA.
- Avoid links and attachments — Don’t click on links or attachments you receive in unsolicited emails. They could be malicious, infect your device with malware and/or steal sensitive information.
- Beware of phishing emails — Scammers piggyback on breaches or events in the news by sending malicious emails to trick you into clicking their links that supposedly have important information. Look out for strange URLs, return addresses and spelling/grammar errors.
- Use strong, unique passwords — Need help creating better passwords? Tap or click here for ways to secure your online accounts.
- Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!
Convincing bank text scams could cost you thousands