Peteris Sahurovs, a Latvian hacker known as "Sagade," was extradited to the US and appeared in Minneapolis court today in connection with accusations of running a scareware operation that netted him and his partners over $2 million.

Sagade's alleged crimes go back to 2010, when he and Marina Maslobojeva, aka "Aminasah," bought ad space on various websites, posing as representatives of a fake advertising company named RevolTech that was interested in listing ads for the Best Western hotel chain.

Sagade performed the old ad switcheroo trick

US authorities say the duo initially showed legitimate ads, but after a certain period of time would switch the original ads with malverts. These malicious ads would then redirect users to a server in the Netherlands, and then to another in Latvia, "which began downloading malware onto the visitors' computers."

According to the FBI — who investigated the case — this malware would freeze or slow down the user's computer and show popups with alarming messages, telling the victim he'd been infected with malware.

Similar to all other scareware schemes, the popup texts would imply the user needs to buy a security product called "Antivirus Soft" to remove the infection. Sagade and his partners would redirect users willing to buy this product to the "" domain, where they'd bill buyers $49.95.

Antivirus Soft

The "Antivirus Soft" software that users received after a successful purchase would deactivate the malware and unfreeze their computers.

Sagade was arrested in 2011, fled and hid in Poland

US authorities started investigating Sagade's operations after the hacker bought and listed malicious ads on the website of the Minneapolis Star Tribune, a local Minneapolis newspaper.

Following the incident, the newspaper was forced to publicly apologize in both its paper and online editions, which, in turn, led the newspaper to file a complaint that put US investigators on the author's tracks.

Latvian authorities arrested Sagade in June 2011, but the hacker fled the country after he was set free pending extradition hearings. Polish authorities arrested Sagade in November 2016, and he was extradited earlier this year.

Before his arrest, Sagade was at one time the fifth most wanted hacker on the FBI's Cyber Most Wanted list, with a reward of $50,000 for information on his whereabouts.
