The US Department of Justice (DoJ) has charged a Latvian woman for her alleged role in creating and deploying Trickbot, the computer banking trojan that has evolved to become a highly popular form of malware among cyber criminals.
The accused individual, Alla Witte, was arrested in Miami four months ago.
According to the charges, Witte worked in the criminal organisation, called Trickbot Group, which deployed the Trickbot malware. In this role, she allegedly wrote code related to the control, deployment, and payments of ransomware for the organisation.
Trickbot malware provides cyber criminals with a means of delivering malware onto compromised machines to steal personal and financial information, including login credentials, credit card numbers, emails, passwords, dates of birth, social security numbers, and addresses.
Once the information is obtained, the attackers use that information to gain access to online bank accounts, execute unauthorised electronic funds transfers, and launder the money through US and foreign beneficiary accounts, the DoJ alleges.
According to the indictment, Witte and others have stolen money and confidential information from unsuspecting victims, including businesses and their financial institutions, across Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain, Russia, the United States, and the United Kingdom, through the use of the Trickbot malware.
Initially emerging as a banking trojan in 2014, Trickbot malware has increasingly been used by cyber criminals to distribute malware attacks, particularly in the wake of the takedown of the Emotet botnet.
Emotet was the world's most prolific and dangerous malware botnet before it was disrupted by an international law enforcement operation in January.
In addition to the accusation that Witte helped write code for the Trickbot malware, the department also issued an indictment against Witte for her role in allegedly ransoming victims. Witte and her co-conspirators allegedly coerced victims into purchasing special software through a bitcoin address controlled by the Trickbot Group in order to decrypt compromised files.
Witte also allegedly provided code to the Trickbot Group that monitored and tracked authorised users of the malware and developed tools and protocols to store stolen login credentials.
In total, Witte has been charged in 19 counts of a 47-count indictment. If convicted, she could face up to 87 years in prison.
Information about the other individuals charged in the indictment is currently confidential.
"These charges serve as a warning to would-be cybercriminals that the Department of Justice, through the Ransomware and Digital Extortion Task Force and alongside our partners, will use all the tools at our disposal to disrupt the cybercriminal ecosystem," Deputy Attorney-General Lisa Monaco said.
- New Trickbot module uses Masscan for local network reconnaissance
- Trickbot is back again - with fresh phishing and malware attacks
- New TrickBot version can tamper with UEFI/BIOS firmware
- Microsoft and others orchestrate takedown of TrickBot botnet
- Microsoft says it took down 94% of TrickBot's command and control servers
- TrickBot botnet survives takedown attempt, but Microsoft sets new legal precedent