Trickbot malware developer jailed for five years

A 40-year-old Russian man has been sentenced to five years and four months in prison by a US court, for his involvement in the Trickbot gang that deployed ransomware and stole money and sensitive information from businesses around the world.

Vladimir Dunaev, from Amur Oblast in the far east of Russia, was a key member of the Trickbot cybercrime gang, infamous for its sophisticated data-stealing Trojan that defrauded innocent internet users in the United States, UK, Australia, Canada, Germany, India, Italy, and elsewhere.

Millions of PCs worldwide are estimated to have been infected by Trickbot, stealing banking passwords, payment card details, social security numbers, and dates of birth from individuals, financial institutions, hospitals, school directs, and government departments. In recent years, Trickbot has also been used to spread ransomware.

Duanev was just one member of the Trickbot gang, who assisted the malware's development. His work included developing browser modifications for the malware for the Chrome and Firefox browsers, writing tools that helped steal credentials and data from infected PCs, and concealing Trickbot from being detected by security software.

The Russian's skills were also put to work recruiting other coders into the criminal gang, managing servers used to deploy the malware, and laundering stolen funds.

According to court documents, the Trickbot gang is thought to have defrauded victims of more than US $3.4 million between October 2018 and February 2021.

Duanaev, who went by the hacker handle of "FFX", was extradited to the United States in 2021, after being arrested at an airport in South Korea where he had become stranded during the Covid-19 pandemic.

"This sentencing demonstrates the department’s ability to place cybercriminals behind bars, no matter where they are located," said Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division. "In cooperation with our partners around the world, we will continue to bring cybercriminals to justice."

In June 2023, one of Dunaev’s co-conspirators pleaded guilty for her role in the conspiracy and was sentenced to two years and eight months in prison. 55-year-old Alla "Max" Witte, a Latvian mother-of-two based in Miami, was - similarly to Duanev - also developing code for the TrickBot malware gang.

The original indictment charged Dunaev, Witte, and a further five individuals for their alleged roles in developing, deploying, managing and profiting from Trickbot.

With sad inevitability, many of the Trickbot group's members are believed to have moved on to other cybercriminal ventures. That doesn't mean that law enforcement is standing by and doing nothing. Seven Russian men, some of whom are believed to have been previously involved in Trickbot, were last year hit by sanctions by the United Kingdom and United States in the hope that it will disrupt their operations.