The U.S. Department of Justice has announced that a Latvian malware developer has been arraigned on a 19-count indictment for her role in the creation and operation of the TrickBot Trojan.
The TrickBot Trojan first appeared in 2016 and was initially a banking Trojan used to steal bank account credentials; however, the malware has undergone significant development since and has had many more features added. Latterly, the malware has been used as a downloader of other malware variants and ransomware and has been offered to cybercriminal organizations under the malware-as-a-service model.
The TrickBot group operated in Russia, Belarus, Ukraine, and Suriname and targeted businesses and public infrastructure, with victims including many hospitals, educational institutions, public utilities, and governments.
Alla Witte, 55, known as Max in cybercrime circles, was previously based in Paramaribo in Suriname and was arrested in Miami in February 2021 for her role in the TrickBot operation. Witte is alleged to be one of the main coders for the malware and is understood to have worked on the malware since November 2015. Witte is alleged to be responsible for developing the ransomware-related functions of the malware, including control, deployment, and payments, and writing code that monitored and tracked authorized users of the malware, as well as developing tools and protocols to store stolen login credentials.
Witte was charged with one count of conspiracy to commit computer fraud and aggravated identity theft, one count of conspiracy to commit wire and bank fraud affecting a financial institution, one count of conspiracy to commit money laundering, eight counts of bank fraud, and eight counts of aggravated identity theft.
If convicted on all charges, Witte will face decades in jail. She faces a maximum jail term of 5 years for conspiracy to commit computer fraud and aggravated identity theft, 30 years for conspiracy to commit wire and bank fraud, 30 years for each bank fraud count, and 20 years for conspiracy to commit money laundering. On top of those sentences, she faces 16 years for aggravated identity theft, which will run consecutively to the other sentences.
“Witte and her associates are accused of infecting tens of millions of computers worldwide, in an effort to steal financial information to ultimately siphon off millions of dollars through compromised computer systems,” said Special Agent in Charge Eric B. Smith of the FBI’s Cleveland Field Office. “Cyber intrusions and malware infections take significant time, expertise, and investigative effort, but the FBI will ensure these hackers are held accountable, no matter where they reside or how anonymous they think they are.”