A Ukrainian man has been arrested in the Netherlands and extradited to the US, where he was arraigned last Friday in front of a New Jersey judge to face charges of orchestrating malvertising campaigns for almost five years.
According to court documents, Oleksii Ivanov, 31, has been behind multiple fake companies that operated from October 2013 through May 2018 and shipped over 100 million bad ads to users all across the world.
Suspect used string of fake companies
Ivanov and co-conspirators operated by registering a fake company, buying ad space from advertising networks on legitimate sites, and delivering ads containing malicious code (called malvertising) that redirected users to sites peddling malware.
US investigators said that Ivanov would often claim his innocence and deny any involvement with the bad ads when the malvertising campaigns would be uncovered and the victimized ad networks would reach out with inquiries.
If the ad networks would suspend his companies' accounts, Ivanov would simply register a new firm, usually in the UK, and continue from where he left off.
Ivanov and his co-conspirators, none of which were named in court documents, also used fake personas to hide their real identities when interacting with the ad networks.
Most of the time, investigators said, Ivanov's malicious ads redirected users to websites peddling malware-laced files.
US prosecutors said Ivanov also built a malware botnet during the time he carried out the malvertising operations.
Ivanov was arrested on October 19, 2018, following an international investigation by the US Secret Service, Dutch and British law enforcement.
US cracking down on ad fraud
Ivanov's arrest is the second major case that US authorities are getting underway as part of recent efforts to fight ad fraud. In December last year dismantled 3ve, a gigantic ad fraud network involved in generating fake ad views and clicks that made millions of US dollars in illicit revenue for the scheme's perpetrators.
Ivanov's use of fake companies to buy advertising space on legitimate ad platforms is not the first of its kind. Last year, security researchers unearthed a group called Zirconium that ran 28 fake ad agencies that were renting ad space on legitimate sites in a similar fashion.
Related malware and cybercrime coverage:
- A hacker is wiping Git repositories and asking for a ransom
- Hackers steal card data from 201 online campus stores from Canada and the US
- Windows Server hosting provider still down a week after ransomware attack
- Mysterious hacker has been selling Windows 0-days to APT groups for three years
- Law enforcement seizes dark web market after moderator leaks backend credentials
- Hacker takes over 29 IoT botnets
- How to avoid document-based malware attacks TechRepublic
- Game of Thrones has the most malware of any pirated TV show CNET