Alleged Ukrainian scareware developer arrested after a decade on the run
Spanish police have arrested a Ukrainian hacker who has been hiding from international authorities for over a decade.
The Ukrainian national, whose identity has not been disclosed by the police, was wanted globally for their alleged participation in a scareware operation that took place from 2006 until 2011.
Scareware is a type of malicious software or deceptive tactic that tricks users by warning of false security threats. It aims to scare people into buying fake security software or sharing sensitive information with attackers.
The operation affected hundreds of thousands of victims worldwide and inflicted more than $70 million in economic damage.
Spanish authorities apprehended the suspect at Barcelona-El Prat airport last Tuesday after learning of his intended flight to Barcelona. The operation was supported by the FBI and Interpol.
After the arrest, he was immediately taken into custody due to the seriousness of the charges against him.
The press release from Spanish law enforcement did not offer much information about the detainee and their activities, but the arrest appears connected to the Trident Tribunal operation.
In 2011, the FBI and law enforcement in 11 other countries disrupted two international cybercriminal operations that sold fake anti-virus software.
The hackers tried to convince people to pay $129 to "clean" their computers of supposed viruses. The reality was that the antivirus software was non-functional, and the reported infections it claimed to identify were non-existent.
An estimated 960,000 users were victimized by this scareware scheme, leading to $72 million in actual losses, according to the press release by the FBI.
Hackers from at least 12 countries were involved in this scheme, including Ukraine, Latvia, Germany, Netherlands, France, Lithuania and the U.S. In 2011, the first year of the operation, two people were arrested.
At the time of the publication, Spanish police hadn't responded to The Record’s request for comment.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.