Skip links

Feds cuff Russian said to be developer of ‘Trickbot’ ransomware

The US Department of Justice claims it’s arrested a member of a gang that deployed the Trickbot ransomware.

A heavily-redacted indictment names Vladimir Dunaev as a developer of the malware, and alleges he was “a Malware Developer for the Trickbot Group, overseeing the creation of internet browser injection, machine identification, and data harvesting codes used by the Trickbot malware”.

Trickbot is a banking trojan derived from a similar piece of malware called “Dyre”. The DoJ claims it could “capture online banking login credentials and harvest other personal information, including credit card numbers, emails, passwords, dates of birth, social security numbers, and addresses from infected computers through the use of web injects and keystroke logging”.

The software was frequently updated – new variants were spotted in July 2021 – and eventually gained ransomware functions. It kept evolving even after some parts of its network were nixed.

The indictment alleges that Trickbot’s developers have been at work since 2015.

Dunaev’s been charged with running Trickbot, unauthorised access to computers, stealing money, and laundering the proceeds through US bank accounts.

Intriguingly, the indictment says Dunaev resided “in the Yakutsk region of Russia and in Southeast Asia” but was last week extradited from South Korea. Just how he ended up there is not explained in either the DoJ announcement or the indictment.

Dunaev is the second person charged with running Trickbot. Latvian Alla Witte was arrested in February 2021 and indicted in June of the same year.

Redactions in Dunaev’s indictment document black out the names of other defendants, suggesting more of the Trickbot gang has been identified. Among those mentioned but not named is one gang member whose job title was “Malware Manager” – just imagine having that on your business card. ®