A Ukrainian man has been extradited to the US on charges of participating in a multi-year malvertising operation that targeted millions of users.
Oleksii Petrovich Ivanov, 31, was arrested in the Netherlands in October 2018 and on his arrival in the US last week was charged with one count of conspiracy to commit wire fraud, four counts of wire fraud, and one count of computer fraud.
Between October 2013 and May 2018 he’s alleged to have conspired to force unwitting internet users to view malicious ads over 100 million times, according to the Department of Justice (DoJ).
Ivanov and his co-conspirators are said to have posed as legitimate advertising companies: for example, in 2014 he is alleged to have posed as ‘Dmitrij Zaleskis,’ CEO of fictitious UK company ‘Veldex Limited’ which submitted malicious ads to a US internet advertising company for distribution.
Two of these campaigns were viewed over 17 million times in just a matter of days, and although the US company warned they were being flagged as malware threats, Ivanov is said to have persuaded them firm to keep running them for months.
Once the patience of these partner organizations finally wore out, Ivanov and his co-conspirators allegedly set up new companies and fake identities to start again, according to court documents.
He is also alleged to have created a botnet by infecting computers and then selling access to it.
“This defendant engaged in an extraordinary and far-reaching scheme to infect and hack computers throughout the United States and the world,” said New Jersey US attorney, Craig Carpenito. “This ‘malvertising’ scheme is especially dangerous because it uses online ads to target millions of unsuspecting Internet users engaged in activities as routine as booking their next vacation.”