The US Department of Justice has charged a Latvian woman for allegedly being part of the infamous Trickbot Group that deployed the Trickbot malware, which infected millions of victim computers worldwide.
The Trickbot Group operated in Russia, Belarus, Ukraine, and Suriname, and primarily targeted victim computers belonging to businesses, entities, and individuals. Targets included hospitals, schools, public utilities, and governments, DoJ said in a press release.
Trickbot is a modular banking trojan that over the time evolved into a dangerous malware dropper used to deliver additional malware on infected devices.
The defendant, Alla Witte (aka Max), 55, was charged in 19 counts of a 47-count indictment after she was arrested on February 6 in Miami, Florida.
The indictment alleges that Witte was working with Trickbot Group to develop a set of tools used to target businesses and individuals all over the world for theft and ransom. Witte allegedly wrote code related to the control, deployment, and payments of ransomware through a Bitcoin address controlled by the Trickbot Group. She also provided code to the Trickbot Group that monitored and tracked authorized users of the malware and developed tools and protocols to store stolen login credentials.
Since November 2015 Witte and her co-conspirators stole money and confidential information from unsuspecting victims, including businesses and their financial institutions in the United States, United Kingdom, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain, and Russia, the indictment alleges.
Witte was charged with one count of conspiracy to commit computer fraud and aggravated identity theft; one count of conspiracy to commit wire and bank fraud affecting a financial institution; eight counts of bank fraud affecting a financial institution; eight counts of aggravated identity theft and one count of conspiracy to commit money laundering. Two of the counts carry a maximum sentence of 30 years in prison.