Trickbot is a very well-known piece of malware. It uses a variety of attack methods to harvest data from infected devices and to enrol those devices in a botnet. The botnet is then rented out to run DDoS attacks and is also used to deploy ransomware. Generally speaking, the operators' approach is to squeeze as much value out of a victim as possible first; once nothing of value remains, the device is rented out and used as a bot to launch DDoS attacks.

In 2021, Latvian citizen Alla Witte (codename Max) was arrested. Max was mainly responsible for controlling infected devices and deploying ransomware.

In September 2021, Russian citizen Vladimir Dunayev (codenamed FFX) was arrested in South Korea and later extradited to the United States, where he was handed over to the U.S. Department of Justice for trial. FFX has since pleaded guilty and faces a sentence of up to 35 years in prison.

FFX's involvement with Trickbot began in 2016, when the Trickbot gang was recruiting members. During the remote interview stage, the interview task was to create an application that simulates a SOCKS server and to modify the Firefox browser. After FFX completed it, he was hired as a developer on the Trickbot team.

According to FFX's own statement, he was the main developer of the Trickbot malware. After joining the group, he used his skills to develop the Trickbot family of malware, which was then used to infect millions of computers and other devices around the world.

After Trickbot infects a device, it first harvests information, including various sensitive credentials, credit card numbers, CVV security codes, emails, assorted passwords, and the victim's date of birth, SSN and address. This information can then be used to steal funds from the victim's accounts.

At the same time, Trickbot was also used to extort infected individuals and businesses, with the total amount demanded exceeding US$180 million. Of course, the amount actually paid is unknown.

The U.S. Department of Justice charged FFX with conspiracy to commit computer fraud and identity theft, and conspiracy to commit wire and bank fraud. Each of these charges carries a maximum sentence of 35 years in prison. FFX has already pleaded guilty.

However, the arrest of FFX did not have much impact on Trickbot. After all, this is a typical remote working team: members know each other only online, and their real identities are unclear even to one another.

Of course, the online world has its own version of gang rivalry. Another notorious ransomware group, Conti, took control of Trickbot after several attempts and used it to develop more complex and covert malware variants.

Later, after a Ukrainian researcher found and exposed clues about the group, the Conti gang was forced to shut down, but its members split off into many new ransomware gangs, including Royal, BlackBasta, and ZEON.