An alleged Russian developer for the notorious TrickBot malware gang was arrested in South Korea after attempting to leave the country.

The TrickBot cybercrime group is responsible for a variety of sophisticated malware targeting Windows and Linux devices to gain access to victim’s networks, steal data, and deploy other malware, such as ransomware.

Seoul’s KBS first reported that a Russian man was stranded in South Korea due to COVID-19 restrictions, and his passport subsequently expired. After waiting for over a year for his passport to be renewed, the individual attempted to depart South Korea again but was arrested at the airport due to an extradition request by the USA.

It is alleged that the man worked as a web browser developer for the TrickBot operation while he lived in Russia in 2016.The Russian man claims that he did not know he worked for a cybercrime gang after getting hired from an employment site. When developing the software, the operation manual did not fall under malicious software, arrested man said.

The Russian individual’s attorney is currently fighting the USA extradition attempt, claiming that the USA will prosecute the individual unfairly.

“If you send him to the United States, it will be very difficult to exercise your right of defense and there is a high possibility that you will be subjected to excessive punishment,” argued the alleged TrickBot developer’s attorney.