December 1, 2023 at 04:52PM
A Russian developer pleaded guilty to creating Trickbot malware, which has targeted global institutions since 2016. Arrested in South Korea, Vladimir Dunaev faces up to 35 years in prison. Trickbot, first used for banking credential theft, evolved and was used by cybercrime groups before being disrupted by leaks.
Summary:
– Russian national Vladimir Dunaev pleaded guilty to charges related to involvement with the Trickbot malware.
– Dunaev, also known as FFX, helped develop Trickbot’s browser injection component starting in June 2016.
– He was arrested in South Korea in September 2021 due to an expired passport and COVID-19 travel restrictions.
– Dunaev faces a maximum sentence of 35 years for conspiracy to commit computer fraud and identity theft, and for wire and bank fraud.
– The initial indictment included Dunaev and eight other codefendants for their roles in the Trickbot operation.
– Dunaev is the second TrickBot developer arrested following Latvian national Alla Witte’s apprehension in February 2021.
– The U.S. and U.K. governments have sanctioned 18 Russian nationals linked to the TrickBot and Conti cybercrime gangs.
– TrickBot evolved from a banking credential stealer to a versatile tool used by cybercriminals, including the Conti and Ryuk ransomware gangs.
– The Conti operation controlled TrickBot until the “Conti Leaks” exposed their activities, followed by TrickLeaks.
– The exposure led to Conti’s shutdown and the emergence of new ransomware groups like Royal, Black Basta, and ZEON.
Key Details:
– Dunaev was involved in creating various components for Trickbot from July 2016 until his arrest, including tasks such as browser modification and data collection.
– His expertise in computer programming was instrumental in developing Trickbot to steal sensitive information and funds from victims.
– If convicted, his sentencing is scheduled for March 20, 2024.
– The Conti Leaks and TrickLeaks disclosures impacted the cybersecurity landscape by revealing internal operations of cybercrime groups and leading to the dissolution of the Conti gang.
Dates and Code Descriptions Associated with TrickBot Development:
– July 2016: Firefox browser modification; code to launch and manage a web browser; code to collect and modify the Chrome database and browsing history.
– December 2016: Created a Machine Query for TrickBot to check information on infected machines.
– August 2016 – December 2018: Developed code to capture browser details like cookies, history, and other local storage data.
– October 2016: Developed code to interact with browser ‘profile’ folder databases.
– February 2021: Alla Witte’s arrest related to the TrickBot operation.
– February and September: U.S. and U.K. sanctioned individuals linked to TrickBot and Conti.