Home » Technology » Trickbot hacker Arrested In South Korea While Fleeing

Trickbot hacker Arrested In South Korea While Fleeing

Indian Hackers

There is news from the supposed backers of the infamous TrickBot botnet, which for years distributed malicious code not only to companies but also to private individuals and caused great damage. A mastermind is said to have been arrested in Korea.

This is reported by the online magazine Bleeping Computer. It’s about a Russian developer who is believed to be part of the infamous TrickBot malware gang. He has now been arrested in South Korea while trying to leave the country, according to media reports. The TrickBot group is responsible for a wide variety of sophisticated malware. The target groups are both companies and private individuals, which has now become rather rare – many well-known Trojans are more specialized. The botnet, however, generally targets Windows and Linux devices, regardless of who is using them. TrickBot tries to gain access to the victim’s networks, steal data and use other malware such as ransomware.

Extradition to the USA

The broadcaster KBS reported that a Russian man was stuck in South Korea due to Covid-19 restrictions and that his passport expired as a result. After waiting for his passport to be renewed for over a year, he now tried to leave South Korea but was arrested at the airport due to an extradition request from the US.

He is charged with working as a developer for TrickBot while living in Russia in 2016. According to the broadcaster, the accused rejects this and claims that he did not know that he was working for criminals. He is currently trying to prevent his extradition to the USA with a lawyer. “If you extradite him to the United States, it will be very difficult to exercise his right to a defense, and there is a high possibility that he will be unduly punished,” argued the lawyer for the alleged TrickBot developer.

The TrickBot group is responsible for numerous malicious programs, including TrickBot, BazaLoader, BazaBackdoor, PowerTrick, and Anchor. All of these (malicious) tools are used to gain access to corporate networks, steal files and network credentials, and ultimately install blackmail software.

TrickBot Gang

It is believed that both the Ryuk and Conti ransomware operations are also carried out by the TrickBot gang. A few months ago, the news made the rounds that the network had been paralyzed – but that turned out to be a mistake. TrickBot is still active.