A suspected member of the infamous Trickbot group has been extradited to the US, where he faces decades behind bars if found guilty.
Russian national Vladimir Dunaev, 38, made his first appearance in a federal court on Thursday after being extradited from South Korea to the Northern District of Ohio.
He’s accused of working with others to steal money and sensitive information and infecting millions of computer systems from a range of victim organizations and individuals with Trickbot malware.
Specifically, Dunaev is said to have been a malware developer for the loose coalition of freelance programmers – a role that allegedly involved managing the execution of the malware, developing popular browser modifications and helping to conceal the malware from detection by security software.
Trickbot deployed web injects and keystroke logging to steal online banking credentials, credit card numbers, emails, passwords, dates of birth, social security numbers and addresses from compromised machines, according to the Department of Justice (DoJ).
It said that hijacked bank accounts weren’t only used as a source of funds but also to launder money.
“The Trickbot malware was designed to steal the personal and financial information of millions of people around the world, thereby causing extensive financial harm and inflicting significant damage to critical infrastructure within the United States and abroad,” said acting US attorney Bridget Brennan of the Northern District of Ohio.
“Today’s announcement underscores the great lengths federal law enforcement officials and our international partners will go to hold these alleged cyber-criminals accountable for their actions.”
Although not mentioned in the DoJ release, Trickbot was also used extensively to provide initial access into victim machines — this access was then sold to ransomware actors and others, who used it to deploy Ryuk, Conti and other variants.
According to the court documents, Dunaev and his co-conspirators worked from November 2015 to August 2020.
He’s charged with conspiracy to commit computer fraud and aggravated identity theft; conspiracy to commit wire and bank fraud; conspiracy to commit money laundering; and multiple counts of wire fraud, bank fraud, and aggravated identity theft. If convicted, Dunaev faces a maximum of 60 years behind bars.
His extradition comes several months after 55-year-old Latvian, Alla Witte, was charged with multiple counts for her alleged role in developing the Trickbot malware.