TrickBot developer pleads guilty, faces up to 35 years in prison

TrickBot developer pleads guilty, faces up to 35 years in prison

A Russian national has pleaded guilty to his involvement in developing and deploying the Trickbot malware.

“Vladimir Dunaev, 40, of Amur Blast, provided specialized services and technical abilities in furtherance of the Trickbot scheme,” the US Department of Justice said in a press release.

Disrupted in 2022, Trickbot was a modular banking trojan that over time evolved into a dangerous malware dropper used to deliver additional malware, including ransomware, on infected devices. The Trickbot Group primarily targeted victim computers belonging to businesses, entities, and individuals. Targets included hospitals, schools, public utilities, and governments.

Dunaev developed browser modifications and malicious tools used for credential harvesting and data stealing from infected computers, facilitated and enhanced the remote access used by Trickbot actors, and created a program code that allowed the Trickbot malware to stay undetected by anti-virus software.

During Dunaev’s participation in the scheme, 10 victims were defrauded of more than $3.4 million via ransomware deployed by Trickbot.

In 2021, Dunaev was extradited from the Republic of Korea to the United States.

Dunaev pleaded guilty to conspiracy to commit computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud. He is scheduled to be sentenced on March 20, 2024, and faces a maximum penalty of 35 years in prison if found guilty.

In 2021, the US authorities charged another TrickBot developer, Alla Witte (aka Max) for her role in the TrickBot operation. In June 2023, she was sentenced to two years and eight months in prison.

In September of this year, the US and UK governments named and sanctioned 11 Russians said to be connected to the notorious TrickBot cybercrime crew. Sanctioned individuals include Trickbot actors involved in management and procurement, namely administrators, managers, developers and coders who have materially assisted the TrickBot group in its operations. In total, the joint US and UK operations sanctioned 18 TrickBot members.

Back to the list

Latest Posts

UNC6148 threat actor actively targets outdated and patched SonicWall devices

UNC6148 threat actor actively targets outdated and patched SonicWall devices

The group is using stolen credentials and OTP seeds to regain access to devices even after security updates have been applied.
17 July 2025
Google patches Chrome zero-day allowing sandbox escape

Google patches Chrome zero-day allowing sandbox escape

The flaw stems from insufficient validation of untrusted input in ANGLE and GPU.
16 July 2025
Ukrainian police dismantle major server network used for malware distribution

Ukrainian police dismantle major server network used for malware distribution

Authorities identified a 33-year-old French national as the organizer of the illegal operation.
16 July 2025
Popular Posts
Featured vulnerabilities
CSRF in LedgerSMB
Medium Patched | 17 Jul, 2025
Information disclosure in ConnectWise PSA
Medium Patched | 17 Jul, 2025
Transient Scheduler Attack in Store Queue in Microsoft Windows
Low Patched | 17 Jul, 2025
Multiple vulnerabilities in Microsoft Edge
Сritical Patched | 17 Jul, 2025
Privilege escalation in shadow-utils component used by BIG-IP Next for Kubernetes
Medium Not Patched | 17 Jul, 2025