A Ukrainian national has been extradited to the U.S. for allegedly operating a five-year-long malvertising scheme – reaching victims with more than 100 million malicious ads worldwide.
Oleksii Petrovich Ivanov, 31, appeared in Newark, N.J. federal court on Friday after being extradited to the U.S. from the Netherlands. Ivanov allegedly worked between 2013 and 2018 to launch malicious online advertising campaigns that purported to be legitimate but actually directed victims' internet browsers to unwanted advertisements or malicious sites that distributed malware.
According to the court documents, Ivanov “caused unsuspecting internet users to view or access their malicious advertisements on more than 100 million occasions. By launching these malicious advertisement campaigns, Ivanov and his co-conspirators attempted to cause millions of dollars of losses to victim internet users.”
Ivanov was arrested on Oct. 19 in the Netherlands, after an international investigation led by the U.S. Secret Service, in coordination with Dutch law enforcement. However, details of the charges against him were only recently released.
In order to set up the malvertising campaigns, Ivanov reportedly used fake online personas and false companies to pose as legitimate advertisers seeking to purchase online advertisements – even creating fake banners and websites that showed advertisements. Ivanov would also use these false identities to register internet domains that hosted malicious advertisements, and launch the malvertising campaigns.
For example, in June and July 2014, Ivanov allegedly posed as “Dmitrij Zaleskis,” the CEO of a fake UK company called “Veldex Ltd.” He then allegedly used this alias to submit a series of malicious advertisements to a U.S.-based internet advertising company for distribution – which included two campaigns that were viewed 17 million times in a matter of days.
“The internet advertising company repeatedly told Ivanov that his advertisements were being flagged as malware threats, but Ivanov denied any wrongdoing and persuaded the company to continue running his malicious advertisements for months,” according to a Department of Justice release.
In addition to malvertising, Ivanov also allegedly attempted to sell access to botnets and successfully infected computers with malware that he controlled, “including botnet malware that infected more than 100 devices in the District of New Jersey.”
Malvertising campaigns continue to grow in scope and evolve in their tactics. As recently as March, researchers said a malvertising group called VeryMal was targeting Macs with a malvertising campaign exposing malicious ads to close to 1 million user sessions. In January, a multi-payload and ongoing malvertising campaign was found distributing a newly discovered info-stealer as well as the GandCrab ransomware. And in September 2018, a massive malvertising campaign targeting iOS devices hijacked a whopping 300 million browser sessions in just 48 hours.