The US Department of Justice charged a woman for her alleged involvement as a programmer in a cybercrime group that helped develop TrickBot, according to The Hacker News.
The woman in question, Alla Witte, nicknamed Max, of Paramaribo, Suriname, was arrested on February 6 in Miami, Florida. Witte is charged with 19 counts, including conspiracy to commit computer fraud and aggravated identity theft, wire and bank fraud affecting a financial institution, and money laundering.
According to court documents released by the Justice Department, Witte and 16 other unnamed individuals are accused of operating a transnational criminal organization that developed and deployed a digital suite of malware tools aimed at stealing from businesses and individuals worldwide and demanding ransom.
TrickBot began as a banking Trojan in late 2015. The banking malware has evolved into crimeware-as-a-service capable of stealing vital personal and financial information and even placing ransomware and post-exploitation toolkits on compromised machines. The gang is said to have operated mainly in Russia, Belarus, Ukraine, and Suriname.
The banking malware is designed to capture online banking credentials and other personal information such as credit card numbers, emails, passwords, birth dates, social security numbers, and addresses. The stolen data is used to gain unauthorized access to online bank accounts, perform unauthorized electronic fund transfers, and carry out a variety of other activities.
TrickBot emerged on the threat landscape at the same time as the disbanding of the malware crew behind Dyre. Its rapid rise was nipped in the bud in November 2015 when Russia's Federal Security Service (FSB) reportedly arrested a large number of people suspected of being part of the group.
TrickBot spread fast throughout the United States and Europe
The Department of Justice charged the defendants with stealing money and confidential information from unsuspecting businesses and financial institutions in the United States, United Kingdom, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain, and Russia. They accused Witte of being a malware developer who engaged in the creation of code related to monitoring and tracking authorized users of the TrickBot malware.
Furthermore, the DoJ said she was also involved in building tools and methods for the storage of credentials collected and exfiltrated from TrickBot-infected victims.
TrickBot’s infrastructure was significantly damaged by the joint efforts of the United States Cyber Command and Microsoft to eliminate 94% of the command-and-control (C2) servers in use. Any new servers created to replace the previously disabled servers were also deleted.
However, these takedowns were only a stopgap measure. Not only has the malware proven resistant to law enforcement action, but the operators have retaliated by changing their techniques and placing their malware on other criminal servers that use MikroTik routers.
Witte faces a potential sentence of 90 years in jail if convicted on all charges.