A Russian national has admitted to his role in developing and using the notorious TrickBot malware.
Vladimir Dunaev, 40, pleaded guilty to his involvement in the development and deployment of the TrickBot malware, which was used in cyberattacks against organizations worldwide, including hospitals and schools, causing tens of millions of dollars in losses.
Around since 2016, TrickBot was used to steal money and information, and acted as an initial access vector for other malware families, including ransomware such as Ryuk and Conti. The operation was taken down by law enforcement in 2022.
While active, the malware infected millions of computers worldwide, allowing threat actors to harvest sensitive information, including banking credentials, credit card numbers, social security numbers, dates of birth, emails, and passwords.
Dunaev, according to court documents, was part of the Trickbot gang between November 2015 and August 2020. In his role, he built “browser modifications and malicious tools that aided in credential harvesting and data mining from infected computers.”
He also developed tools that enabled the TrickBot operators to access the infected systems remotely, and helped the malware evade detection.
Documents presented in court also show that, while Dunaev was actively involved in the scheme, TrickBot was used to deploy ransomware on the networks of 10 victims in the United States, including schools and a real-estate company, which were defrauded of more than $3.4 million.
Arrested in South Korea, Dunaev was extradited to the US in 2021. He is scheduled for sentencing on March 20, 2024.
Dunaev pleaded guilty to two counts of conspiracy to commit computer fraud and identity theft, and wire fraud and bank fraud. He faces up to 35 years in prison.