Alleged Russian malware developer arrested after being stranded in South Korea due to COVID-19 pandemic

The global pandemic has caused heartbreak and hardship for millions of people around the world, but for one alleged member of the notorious TrickBot malware gang it may also have resulted in their arrest.

As Catalin Cimpanu at The Record reports, a man was arrested last week by South Korean law enforcement agents at Seoul’s international airport as he attempted to board a flight back to his native Russia.

The man, who has only been named as “Mr A” in local media reports, had entered South Korea in February last year, and was initially unable to return to Russia due to restrictions placed on international travel at the onset of the worldwide Coronavirus outbreak.

By the time travel restrictions had been lifted, Mr A’s passport had expired – requiring him to remain in an apartment in Seoul as he awaited a replacement.

All of which was terrible timing for the stranded traveller, as US law enforcement agents had begun an investigation into the sophisticated TrickBot malware, which has most notoriously been used to distribute ransomware in recent years.

And Mr A is alleged to have worked as a developer on TrickBot’s web browsing module for the cybercrime gang in 2016 while he lived in Russia.

If the US authorities had identified Mr A as a suspect while he was resident in Russia, their chances of getting their hands on him would have been pretty slim. But as he was apprehended while attempting to leave South Korea, he is now facing possible extradition to the United States.

Mr A’s legal team is arguing that their client “will be subjected to excessive punishment” if he is extradited to the United States.

Earlier this year, the US Department of Justice announced that it had arrested a Latvian woman in Miami, after she had flown from her home in the South American country of Suriname.

Alla “Max” Witte, a 55-year-old mother-of-two, was – like Mr A – accused of developing code for the TrickBot malware gang. Security researchers have claimed that Witte left an embarrassing number of clues online linking her to the TrickBot cybercrime gang.

If convicted, Witte could face years in prison for computer fraud, aggravated identity theft, bank fraud, and other charges.

I hate to give advice to those who work for cybercrime gangs, but maybe – if they care about their liberty – they should think long and hard before making any international travel plans.