South Korea extradites Russian programmer to US

Russian citizen Vladimir Dunayev, believed to be a member of the TrickBot malware development team, has been extradited to the United States and is facing charges that could lead to 60 years in prison.

Thirty-eight-year-old Dunayev, also known as FFX, was a malware developer who oversaw the development of TrickBot’s browser module, the indictment alleges.

He is the second programmer associated with the TrickBot gang to be arrested by the United States this year. In February, Latvian citizen Ala Vit, known by the nickname Max, was arrested in Miami because she allegedly wrote code to control and deploy ransomware.

Dunayev was arrested in South Korea in September while trying to leave the country. He had been forced to stay there for more than a year because of Covid-19 travel restrictions, and his passport expired in the meantime. The extradition was completed on October 20.

Dunayev is believed to have been a member of the TrickBot gang since 2016, having previously passed tests in which he demonstrated the programming skills the criminal group needed.

“He is capable of everything. We need such a person,” wrote one gang member who was in charge of recruiting programmers in a message he sent to another member of the group.

Since June 2016, the accused has been writing, modifying and updating TrickBot code, the indictment alleges. From October 19, 2017 to March 3, 2018, members of the TrickBot gang, including Dunayev and Vit, managed to transfer more than $1.3 million from the victims’ bank accounts to their own accounts.

The TrickBot group has at least 17 members, each with their own responsibilities, so the group functions like a firm. The group has a malware manager, who manages finances; a malware programmer, who works on TrickBot modules that he then passes on to others to encrypt; a cryptor, who encrypts TrickBot modules so they can avoid antivirus detection; and a spammer in charge of distributing TrickBot via spam and phishing campaigns.

TrickBot, which grew out of the Dyre banking Trojan code in 2015, was initially focused on stealing banking credentials, only to later become modular malware that could install other malware as well. The TrickBot group is currently engaged in ransomware attacks that infect company networks, especially with the Conti ransomware.

TrickBot has infected millions of computers, allowing its operators to steal personal and sensitive data (logins, credit cards, emails, passwords, dates of birth, SSNs, addresses), as well as money from victims’ bank accounts.

In addition to Dunayev and Vit, the US Department of Justice has filed charges against other members of the TrickBot group whose names have not been revealed and who are in various countries, including Russia, Belarus and Ukraine.
