Ukrainian Oleksii Ivanov, 31, was arrested in the Netherlands in October 2018 following an international investigation by the US Secret Service and Dutch and British law enforcement. Ivanov, along with his co-conspirators, is accused of conducting malvertising campaigns on the Internet during which over 100 million malicious ads were delivered to users all over the world. The alleged cybercriminal has now been extradited to the USA and appeared before a court in New Jersey at the beginning of May 2019.
The Cyber Fraud Involved a String of Fake Companies
According to the case documents, the fraudulent scheme led by the Ukrainian operated between October 2013 and May 2018. During that period, Ivanov ran multiple fake companies through which he and his accomplices distributed corrupted advertisements on legitimate websites. After registering a fake company, Ivanov bought ad space from advertising networks and then delivered ads injected with malicious code that redirected users to websites that propagated malware.
Whenever the affected ad networks discovered the malvertising campaign and asked Ivanov for an explanation, he would deny any involvement in the bad ads. If the ad network suspended the company's account, he would simply register a new company and carry on with the fraud. Most of the fake companies were registered in the UK. In their interactions with the ad networks, Ivanov and his co-conspirators used fake identities to avoid revealing their real names. US prosecutors also claim that the hacking group built a malware botnet in addition to operating the malvertising campaigns.
This Is the Second Major Ad Fraud Scheme Cracked by US Authorities
Ivanov’s arrest is part of a major campaign by the US authorities against ad fraud. In December 2018, the FBI dismantled 3VE, another gigantic malicious ad scheme that generated millions of US dollars for its operators from fake ad views and clicks. Also in 2018, cybersecurity researchers uncovered another criminal network called Zirconium that, just like Ivanov’s, operated fake ad agencies that rented ad space on legitimate websites. Malvertising has been surging recently, and other known malvertising groups targeting US users are VeryMal, ScamClub, and eGobbler.