{
	"id": "c92b28ab-39f2-43ba-b79c-4897da080f4a",
	"created_at": "2026-04-06T00:14:00.686359Z",
	"updated_at": "2026-04-10T13:13:09.749808Z",
	"deleted_at": null,
	"sha1_hash": "f1a9b79111202687e136a5abdf2a5e8670a79103",
	"title": "TrickBot malware dev pleads guilty, faces 35 years in prison",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3164731,
	"plain_text": "TrickBot malware dev pleads guilty, faces 35 years in prison\r\nBy Sergiu Gatlan\r\nPublished: 2023-12-01 · Archived: 2026-04-05 18:16:13 UTC\r\nOn Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the\r\nTrickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and\r\nworldwide.\r\nAccording to court documents, a 40-year-old individual, also known as FFX, oversaw the development of TrickBot's\r\nbrowser injection component as a malware developer.\r\nAllegedly, Dunaev's association with the TrickBot malware syndicate started in June 2016 after being hired as a developer\r\nfollowing a recruitment test requiring him to create an app simulating a SOCKS server and to alter the Firefox browser.\r\nhttps://www.bleepingcomputer.com/news/security/trickbot-malware-dev-pleads-guilty-faces-35-years-in-prison/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/trickbot-malware-dev-pleads-guilty-faces-35-years-in-prison/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nIn September 2021, he was arrested in South Korea while attempting to depart. Due to COVID-19 travel restrictions and an\r\nexpired passport, he had been forced to remain in South Korea for over a year. The extradition process was finalized on\r\nOctober 20, 2021.\r\n\"As set forth in the plea agreement, Vladimir Dunaev misused his special skills as a computer programmer to develop the\r\nTrickbot suite of malware,\" said U.S. Attorney Rebecca C. 
Lutzko.\r\n\"Dunaev and his codefendants hid behind their keyboards, first to create Trickbot, then using it to infect millions of\r\ncomputers worldwide — including those used by hospitals, schools, and businesses — invading privacy and causing untold\r\ndisruption and financial damage.\"\r\nThe TrickBot malware helped its operators harvest personal and sensitive information (including credentials, credit cards,\r\nemails, passwords, dates of birth, SSNs, and addresses) and steal funds from their victims' banking accounts.\r\nDunaev entered a guilty plea for charges related to conspiracy to commit computer fraud and identity theft, alongside\r\nconspiracy charges for wire and bank fraud. His sentencing is set for March 20, 2024, and he is facing a maximum sentence\r\nof 35 years in prison for both offenses.\r\nThe initial indictment charged Dunaev and eight codefendants for their alleged involvement in developing, deploying,\r\nadministering, and profiting from the Trickbot operation.\r\nDates | Code description\r\nJuly 2016 - time of arrest | Modifying the Firefox web browser\r\nDecember 2016 | Machine Query that lets TrickBot determine the description, manufacturer, name, product, serial number, version, and content of the root file directory of an infected machine\r\nAugust 2016 - December 2018 | Code that grabs and saves from the web browser its name, ID, type, configuration files, cookies, history, local storage, Flash Local Shared Objects/LSO (Flash cookies)\r\nOctober 2016 - time of arrest | Code that searches for, imports, and loads files in the web browser's 'profile' folders; these contain cookies, storage, history, Flash LSO cookies. It also connects to the browser databases to make queries and modify them\r\nJuly 2016 - time of arrest | An executable app/utility to launch and manage a web browser\r\nJuly 2016 - time of arrest | Code that collects and modifies data entries in Google Chrome LevelDB database, browsing history included\r\nDunaev is the second TrickBot gang malware developer arrested by the U.S. Department of Justice. In February 2021,\r\nLatvian national Alla Witte (aka Max) was apprehended and charged with helping write the code used to control and deploy\r\nransomware on victims' networks.\r\nIn February and September, the United States and the United Kingdom sanctioned a total of 18 Russian nationals associated\r\nwith the TrickBot and Conti cybercrime gangs for their involvement in the extortion of at least $180 million from victims\r\nworldwide. Also, they warned that some Trickbot group members are associated with Russian intelligence services.\r\nInitially focused on stealing banking credentials when it surfaced in 2015, the TrickBot malware evolved into a modular tool\r\nleveraged by cybercrime organizations such as Ryuk and Conti ransomware for initial access into compromised corporate\r\nnetworks.\r\nFollowing several takedown attempts, the Conti cybercrime gang gained control of TrickBot, harnessing it to develop more\r\nsophisticated and stealthy malware strains, including Anchor and BazarBackdoor.\r\nHowever, following Russia's invasion of Ukraine, a Ukrainian researcher leaked Conti's internal communications in what is\r\nnow known as the \"Conti Leaks.\"\r\nShortly after, an anonymous figure using the TrickLeaks moniker began leaking details about the TrickBot operation, further\r\noutlining its links with the Conti gang.\r\nUltimately, these leaks precipitated the shutdown of the Conti ransomware operation, resulting in its 
fragmentation into\r\nnumerous other ransomware groups, such as Royal, Black Basta, and ZEON.\r\nSource: https://www.bleepingcomputer.com/news/security/trickbot-malware-dev-pleads-guilty-faces-35-years-in-prison/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/trickbot-malware-dev-pleads-guilty-faces-35-years-in-prison/"
	],
	"report_names": [
		"trickbot-malware-dev-pleads-guilty-faces-35-years-in-prison"
	],
	"threat_actors": [],
	"ts_created_at": 1775434440,
	"ts_updated_at": 1775826789,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f1a9b79111202687e136a5abdf2a5e8670a79103.pdf",
		"text": "https://archive.orkl.eu/f1a9b79111202687e136a5abdf2a5e8670a79103.txt",
		"img": "https://archive.orkl.eu/f1a9b79111202687e136a5abdf2a5e8670a79103.jpg"
	}
}