An alleged developer from the notorious cybercrime group known as TrickBot was apprehended in South Korea after trying to leave the country. The group is responsible for various types of malware that target Windows and Linux devices, encrypt them, and then ask the victim to pay a ransom in return for a decryptor.
US authorities believe that the man worked with TrickBot as a web browser developer in 2016 when he was in Russia.
The alleged developer of the TrickBot program denies that he worked for a cybercrime gang, and claims he was hired through a jobs platform and that the operation manual he used for the program was not malicious.
“When developing the software, the operation manual did not fall under malicious software,” the man told the Seoul High Court.
His lawyer also argued that the US would unfairly prosecute his client.
Besides deploying ransomware like Ryuk and Conti through their various tools, the gang behind the TrickBot ransomware is responsible for distributing various other infections, such as BazaLoader, PowerTrick, and Anchor.
Due to the gang’s negative impact on the United States’ interests, a coordinated effort was made in October 2020 to take down the group’s infrastructure. While it was disrupted, the gang quickly rebuilt its operations.
Court documents revealed that members of the TrickBot gang hired developers to perform various tasks for them. Some developers reportedly knew they were working for “black hats,” while others were unaware that they worked for cybercriminals.
Recently, the US Department of Justice also charged a Latvian woman named Alla Witte with assisting in the development of a backend platform for ransomware operations. The prosecutor in Witte's case also procured a few screenshots of conversations in which TrickBot members discussed how they hire developers to work for them.