Latvian woman charged for developing trickbot banking malware

Max, the 55-year-old Latvian lady was charged on multiple counts, for her participation in programming malware for the infamous Trickbot group.


After being detained in February in Miami, Alla Witte, aka “Max”, was charged with 19 counts in a 47-count indictment.


Witte allegedly assisted in the development of code for the control, deployment, and payment of ransomware, as well as software to track authorized users of the malware and tools and protocols to store stolen login passwords, according to the indictment.


Trickbot, which began as a banking Trojan several years ago, has evolved into a multi-purpose modular threat used by threat actors to get access to victims’ networks and spread other malware, including ransomware, in future generations.


Beginning in November 2015, the Department of Justice (DoJ) claimed that Witte and her co-conspirators stole money and sensitive information from individuals and businesses around the world, including banks.


TrickBot since has evolved into a “crimeware-as-a-service” bot capable of stealing sensitive personal and financial data, as well as dumping ransomware and post-exploitation toolkits on infected machines and recruiting them into a bot family.


The group is claimed to have operated mostly in Russia, Belarus, Ukraine, and Suriname.


Cyber criminals might use Trickbot to steal online banking logins as well as other personal information such as credit card numbers, emails, passwords, dates of birth, social security numbers, and addresses.


Witte and her co-conspirators, according to the DOJ, utilized bank account access to steal money and launder it.


Witte is charged with:

  • One count of conspiracy to commit computer fraud and aggravated identity theft
  • One count of conspiracy to commit wire and bank fraud affecting a financial institution
  • Eight counts of bank fraud affecting a financial institution
  • Eight counts of aggravated identity theft
  • One count of conspiracy to commit money laundering


Witte faces a maximum sentence of approximately 300 years for the crimes she is accused of.


Over the last six years, the organisation is suspected of infecting tens of millions of machines and stealing millions of dollars.


Federal law enforcement, with cooperation from foreign partners, continues to battle and stop ransomware and malware where possible, according to Acting US Attorney Bridget Brennan of the Northern District of Ohio.


She went on to say that they are working together to hold transnational hackers responsible for their activities.



Also read: Bizarro banking malware attacks South American and European Banks


You might also like: Android banking malware-Teabot exploited in the wild