A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced.
Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later.
“Dunaev developed browser modifications and malicious tools that aided in credential harvesting and data mining from infected computers, facilitated and enhanced the remote access used by TrickBot actors, and created a program code to prevent the TrickBot malware from being detected by legitimate security software,” the DoJ said.
“During Dunaev’s participation in the scheme, 10 victims in the Northern District of Ohio, including Avon schools and a North Canton real-estate company, were defrauded of more than $3.4 million via ransomware deployed by TrickBot.”
Learn Insider Threat Detection with Application Response Strategies
Discover how application detection, response, and automated behavior modeling can revolutionize your defense against insider threats.
Dunaev, who pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud, faces a maximum of 35 years in prison. He is scheduled to be sentenced on March 20, 2024.
Dunaev is also the second TrickBot gang malware developer to be arrested after Alla Witte, a Latvian national who was sentenced to two years and eight months in prison in June 2023.
The development came nearly three months after the U.K. and U.S. governments sanctioned 11 individuals suspected of being part of the TrickBot cybercrime group.
TrickBot, which started off as a banking trojan in 2016, evolved into a multi-purpose tool capable of delivering additional payloads to infected hosts and acting as an initial access facilitator for ransomware attacks.
After surviving law enforcement to dismantle the botnet, the infamous Conti ransomware crew gained control over the operation. However, both Conti and TrickBot suffered a major blow last year following Russia’s invasion of Ukraine, when Conti pledged allegiance to Russia.
This led to a series of leaks dubbed ContiLeaks and TrickLeaks that gave away valuable information about their internal chats and infrastructure, ultimately resulting in the shut down of Conti and its disintegration into numerous other groups.