A suspected scammer who used scareware to trick hundreds of thousands of global victims into handing over money has been arrested by Spanish police.
The unnamed Ukrainian national was apprehended at Barcelona’s El Prat airport after managing to evade capture for over a decade, according to the Policia Nacional. They were apparently supported by the FBI and Interpol, which had issued a red notice for the individual’s capture.
Read more on scareware: ChronoPay co-founder arrested by Russian authorities.
The suspected threat actor is charged with operating a global scareware campaign between 2006 and 2011. Victims’ machines were infected with the malware and forced to display a pop-up claiming that the PCs were infected with a virus, and that they should pay a sum for antivirus software to get rid of it.
However, the $129 they paid for the fake software apparently went straight into the pocket of the suspect.
It’s claimed victims lost as much as $70m over the five-year period.
Scareware was a persistent threat to PC users during the period, controlled by a small number of threat groups. In 2011, Infosecurity reported how investigators in 12 countries joined forces to take down two crime rings that caused more than $72m in losses for over 900,000 people.
Back then, the three biggest threats by infection volumes came from scareware variants System Fix, Cloud AV 2012, and Win 7 Security 2012.
They can be seen as a primitive early form of ransomware, as victims found their machine completely locked until they paid for the fake antivirus product. As per ransomware, many of the gangs behind the threats were based in Russia, and therefore largely untouchable by international police.
This is the latest policing coup for the Spanish authorities. In May, police there arrested 40 suspected members of a criminal gang thought to have been responsible for a major SMS phishing campaign that cost victims €700,000 ($767,000).