Security News > 2021 > June > Latvian Woman Charged for Her Role in Creating Trickbot Banking Malware
The U.S. Department of Justice on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware.
Since its origin as a banking Trojan in late 2015, TrickBot has evolved into a "Crimeware-as-a-service" capable of pilfering valuable personal and financial information and even dropping ransomware and post-exploitation toolkits on compromised devices, in addition to recruiting them into a family of bots.
Largely propagated through phishing and malspam attacks, TrickBot is designed to capture online banking login credentials and hoover other personal information, such as credit card numbers, emails, passwords, dates of birth, social security numbers, and addresses, with the captured credentials abused to gain illicit access to online bank accounts, execute unauthorized electronic funds transfers, and launder the money through U.S. and foreign beneficiary accounts.
Accusing the defendants of plundering money and confidential information from unsuspecting businesses and financial institutions in the U.S., U.K., Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain, and Russia, the DoJ said Witte was a malware developer "Overseeing the creation of code related to the monitoring and tracking of authorized users of the Trickbot malware, the control and deployment of ransomware, obtaining payments from ransomware victims, and developing tools and protocols for the storage of credentials stolen and exfiltrated from victims infected by Trickbot."
TrickBot notably suffered a huge blow to its infrastructure following twin efforts led by the U.S. Cyber Command and Microsoft to eliminate 94% of its command-and-control servers that were in use as well as any new servers the criminals operating TrickBot attempted to bring online to replace the previously disabled servers.
Not only has the malware proven to be resilient to law enforcement actions, the operators have also bounced back by adjusting tactics and hosting their malware in other criminal servers that make use of Mikrotik routers.