{
	"id": "276b9d6f-d533-4b6c-b519-9c7fd8e1fe44",
	"created_at": "2026-04-06T00:14:09.462393Z",
	"updated_at": "2026-04-10T03:20:16.335461Z",
	"deleted_at": null,
	"sha1_hash": "8de2cfb4911e58815826eba5513102388b44fc3e",
	"title": "TrickBot malware dev extradited to U.S. faces 60 years in prison",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2209833,
	"plain_text": "TrickBot malware dev extradited to U.S. faces 60 years in prison\r\nBy Ionut Ilascu\r\nPublished: 2021-10-29 · Archived: 2026-04-05 22:45:08 UTC\r\nA Russian national believed to be a member of the TrickBot malware development team has been extradited to the U.S. and\r\nis currently facing charges that could get him 60 years in prison.\r\n38-year-old Vladimir Dunaev, also known as FFX, was a malware developer who supervised the creation of TrickBot’s\r\nbrowser injection module, the indictment alleges.\r\nHe is the second malware developer associated with the TrickBot gang that the Department of Justice arrested this year. In\r\nFebruary, Latvian national Alla Witte, a.k.a. Max, was arrested for writing code related to the control and deployment of\r\nransomware.\r\nOld member of the gang\r\nDunaev was arrested in South Korea in September as he was trying to leave the country. He had been forced to stay there for\r\nmore than a year due to Covid-19 travel restrictions and his passport expired. The extradition was completed on October 20.\r\nDunaev is believed to have been involved with the TrickBot gang since mid-2016 following a recruitment test that involved\r\ncreating an application that simulated a SOCKS server and altering a copy of the Firefox browser.\r\nHe passed both tests with flying colors, showing skills that the TrickBot gang needed. “He’s capable of everything. 
Such a\r\nperson is needed,” reads a conversation between two members of the gang responsible for recruiting developers.\r\nStarting June 2016, the defendant created, modified, and updated code for the TrickBot malware gang, the indictment\r\nalleges.\r\nDates | Code description\r\nJuly 2016 - time of the arrest | modifying Firefox web browser\r\nDecember 2016 - time of the arrest | Machine Query that lets TrickBot determine the description, manufacturer, name, product, serial number, version, and content of the root file directory of an infected machine\r\nAugust 2016 - December 2018 | Code that grabs and saves from the web browser its name, ID, type, configuration files, cookies, history, local storage, Flash Local Shared Objects/LSO (Flash cookies)\r\nOctober 2016 - time of the arrest | Code that searches for, imports, and loads files in the web browser's 'profile' folders; these contain cookies, storage, history, Flash LSO cookies. It also connects to the browser databases to make queries and to modify them\r\nJuly 2016 - time of the arrest | An executable app/utility to launch and manage a web browser\r\nJuly 2016 - time of the arrest | Code that collects and modifies data entries in Google Chrome LevelDB database, browsing history included\r\nBetween October 19, 2017, and March 3, 2018, members of the TrickBot gang that included Dunaev and Witte successfully\r\nwired more than $1.3 million from victim bank accounts.\r\nLarge, well-organized group\r\nAccording to the indictment, the TrickBot gang has at least 17 members, each with specific attributes within the operation:\r\nMalware Manager - who outlines the programming needs, manages finances, deploys TrickBot\r\nMalware Developer - who develops TrickBot modules and hands them to others to encrypt\r\nCrypter - who encrypts the TrickBot modules so that they evade antivirus detection\r\nSpammer - who distributes TrickBot through spam and phishing campaigns\r\nCreated 
from the ashes of the Dyre banking trojan in 2015, TrickBot focused on stealing banking credentials initially, via\r\nweb injection and logging the victim user’s keystrokes.\r\nLater, it developed into modular malware that could also distribute other threats. These days, the gang has a preference for\r\ndropping ransomware on company networks, Conti in particular.\r\nTrickBot is believed to have infected millions of computers, enabling its operators to steal personal and sensitive\r\ninformation (logins, credit cards, emails, passwords, dates of birth, SSNs, addresses) and steal funds from victims' banking\r\naccounts.\r\nThe malware has impacted businesses in the United States, United Kingdom, Australia, Belgium, Canada, Germany, India,\r\nItaly, Mexico, Spain, and Russia.\r\nApart from Dunaev and Witte, the DoJ has indicted other members of the TrickBot gang whose names have not been\r\nrevealed and are located in various countries, Russia, Belarus, and Ukraine among them.\r\nDunaev is currently facing multiple counts of aggravated identity theft, wire fraud, bank fraud, as well as conspiracy to\r\ncommit computer fraud, aggravated identity theft, and money laundering.\r\nAll the charges against him come with a maximum penalty of 60 years in a federal prison.\r\nSource: https://www.bleepingcomputer.com/news/security/trickbot-malware-dev-extradited-to-us-faces-60-years-in-prison/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/trickbot-malware-dev-extradited-to-us-faces-60-years-in-prison/"
	],
	"report_names": [
		"trickbot-malware-dev-extradited-to-us-faces-60-years-in-prison"
	],
	"threat_actors": [],
	"ts_created_at": 1775434449,
	"ts_updated_at": 1775791216,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8de2cfb4911e58815826eba5513102388b44fc3e.pdf",
		"text": "https://archive.orkl.eu/8de2cfb4911e58815826eba5513102388b44fc3e.txt",
		"img": "https://archive.orkl.eu/8de2cfb4911e58815826eba5513102388b44fc3e.jpg"
	}
}