A senior member of the prolific Trickbot Group criminal gang has been formally arraigned in a federal court in the United States.
The 55-year-old Alla “Max” Witte, a Russian national, was arrested in Miami, Florida on February 6 US time.
The woman is a resident of the South American country Suriname, with other operators said to be in Russia and Belarus.
She is accused of working as a malware developer for Trickbot.
Specifically, Witte is alleged to have written the code for the control and deployment of the malware, as well as for its ransomware payments function, the US Department of Justice said.
Operational since at least 2015, Trickbot was originally known as Dyre, a malware that was disabled by law enforcement action in that year, according to the DoJ.
Trickbot began as an info-stealer which was extended to become a Trojan Horse malware loader, with modular functionality.
Beyond capturing victims’ banking credentials for theft of money, Trickbot is used to steal passwords and other sensitive information, and act as a loader for ransomware like Conti and Ryuk.
“Witte and her associates are accused of infecting tens of millions of computers worldwide, in an effort to steal financial information to ultimately siphon off millions of dollars through compromised computer systems,” FBI Special Agent Eric Smith said.
As part of a 47-count charge sheet, Witte faces one count of conspiracy to commit computer fraud and aggravated identity theft.
She is also alleged to have committed bank and wire fraud and money laundering.
If convicted, Witte faces a lengthy prison sentence, with some of the alleged crimes being punishable with up to 30 years in prison.
The aggravated identity theft accusations carry a mandatory two-year prison sentence for each count, and Witte faces nine in total.
Witte is also alleged to have hosted copies of Trickbot on her own personal domain.
Several other people face charges in the currently redacted indictment, including Trickbot’s Russian malware managers, responsible for recruiting programmers, other developers, financial controllers and spammers and phishers who deployed the malicious application.
Trickbot has been targeted by the US authorities since September last year.
With the help of Microsoft and a coalition of security vendors, US authorities were able to shut down 94 percent of Trickbot’s infrastructure.