Vladimir Dunaev made his first appearance in federal court this week
A Russian national suspected of being a member of the Trickbot gang has been extradited from South Korea to the US, and has made his first appearance in federal court.
Vladimir Dunaev, 38, is alleged to have worked as a malware developer for the Trickbot group, managing the malware’s execution, developing popular browser modifications, and helping to conceal the malware from detection by security software.
“Trickbot attacked businesses and victims across the globe and infected millions of computers for theft and ransom, including networks of schools, banks, municipal governments, and companies in the healthcare, energy, and agriculture sectors,” deputy attorney general Lisa Monaco said in a Department of Justice (DoJ) news release yesterday (October 28).
Behind the bot
Trickbot, a malware suite that combines a banking trojan with ransomware, uses web injects and keystroke logging to steal online banking credentials, credit card numbers, emails, passwords, dates of birth, social security numbers, and addresses. Later versions were adapted to facilitate the installation and use of ransomware.
This summer, according to IBM, the gang boosted its network by signing up two new distribution affiliates. And in October, Check Point Software reported that Trickbot topped its September Global Threat Index as the most prevalent malware.
The indictment alleges that between November 2015 and August 2020, Dunaev and others stole money and confidential information from individuals, financial institutions, school districts, utility companies, government entities and private businesses.
Stolen login credentials and other personal information were, says the DoJ, used to gain access to online bank accounts, execute unauthorized electronic funds transfers and launder the money through US and foreign accounts.
Dunaev is charged with conspiracy to commit computer fraud and aggravated identity theft, conspiracy to commit wire and bank fraud, conspiracy to commit money laundering, and multiple counts of wire fraud, bank fraud, and aggravated identity theft.
If convicted of all counts, he faces a maximum penalty of 60 years’ imprisonment.
Earlier this year, Latvian national Alla Witte, aka Max, 55, was charged with similar offences. According to the indictment, there are at least another 15 members of the gang, including malware managers, malware developers, encrypters and spammers.