Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware

December 02, 2023NewsroomCybercrime / Malware


A Russian national has been found guilty in connection with his role in the creation and deployment of a malware known as TrickBot, the US Department of Justice (DoJ) announced.

Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the US a month later.

“Dunaev created browser modifications and malicious tools that helped harvest credentials and mine data from infected computers, facilitating and enhancing remote access used by TrickBot actors, and created a program code to prevent the TrickBot malware from being detected by legitimate security software,” the DoJ says.

“During Dunaev’s involvement in the scheme, 10 victims in the Northern District of Ohio, including Avon schools and a North Canton real-estate company, were defrauded of more than $3.4 million via ransomware deployed by TrickBot.”


Dunaev, who pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud, faces a maximum of 35 years in prison. He is scheduled to be sentenced on March 20, 2024.

Dunaev is also the second TrickBot gang malware developer to be arrested, after Alla Witte, a Latvian national who was sentenced to two years and eight months in prison in June 2023.

The development comes nearly three months after the UK and US governments charged 11 individuals suspected of being part of the TrickBot cybercrime group.

TrickBot, which started as a banking trojan in 2016, has evolved into a multi-purpose tool capable of delivering additional payloads to infected hosts and acting as an initial access facilitator for ransomware attacks.


After surviving a law enforcement effort to dismantle the botnet, the notorious Conti ransomware crew gained control of the operation. However, Conti and TrickBot suffered a major blow last year following Russia’s invasion of Ukraine, when Conti pledged allegiance to Russia.

This led to a series of leaks called ContiLeaks and TrickLeaks that provided valuable information about their internal chats and infrastructure, which ultimately resulted in the closure of Conti and its disintegration into several other groups.
