Andrei Tarasov was once a powerful name in the cybercrime world. Known online as “Aels” and later “Lavander,” he ran major malvertising and exploit campaigns linked to the notorious Angler Exploit Kit. Today, he’s no longer living in luxury but hiding in Russia, unsure of who to trust—and still on the FBI’s Most Wanted list.
Tarasov had claimed to flee Russia due to political persecution. He was granted asylum in Ukraine and often spoke out against the Russian government, describing his homeland as a place where only vodka and life itself were getting cheaper. Despite this, he returned to Russia in early 2024. That twist shocked even those who had tracked him for over a decade.
A Key Player in Exploit Campaigns
Tarasov came under intense scrutiny after the U.S. charged him and two associates—Maksim Silnikau and Volodymyr Kadariya—in 2023. Silnikau was arrested in Spain but extradited from Poland. On the same day, German authorities arrested Tarasov. Unlike his co-defendant, he was released after six months in custody because Germany rejected the U.S. extradition request.
Though not officially listed as a developer, Tarasov played a central role in spreading the Angler Exploit Kit. According to Intel 471, he helped build a traffic distribution system used in malvertising campaigns that steered users into malware traps. He was paid $2,500 for that work by Kadariya.
In 2017, Tarasov and Silnikau allegedly explored ways to lock people’s browsers using fake warnings. This scare tactic evolved into ransomware like Reveton, which the UK’s NCA later linked back to their crew. Tarasov had already built a reputation. He’d started out in card skimming and spam operations as early as 2010.
Before his arrest, he shared warnings on underground forums. He said investigators had approached him in Europe and hinted that they offered millions for information. Just ten days later, German police arrested him. Held in Berlin’s Moabit Prison, he faced extradition to the U.S., where he could receive a sentence of over 50 years.
Released and Returned to a Country He Despised
Tarasov’s time in custody was brutal. In forum posts shared later, he said he considered suicide. He was sent to a prison hospital after a breakdown. Intel 471 reported that he was torn between two impossible choices: betray others or face decades in prison.
After Germany refused the U.S. request, Tarasov was freed. He drove through Poland and quietly crossed back into Russia. Though he had condemned the Russian regime, he now saw returning as the lesser evil.
For nearly a year, he disappeared. Many believed he had either escaped or been extradited. But in October 2024, he reappeared on the dark web. Using his alias “Lavander,” he greeted his old network and admitted to being “stuck” in Russia and “starting from zero.” He also hinted that what he experienced after his release was even worse than prison, but didn’t share details.
On May 5, 2025, he posted again, saying he was broke and still owed money to his lawyer. His tone was more muted than before—but it was clear he wasn’t done yet.
Andrei Tarasov’s journey reflects a grim reality. For cybercriminals, the fall can be fast and brutal. His story is a cautionary tale not just about hacking, but about loyalty, fear, and what happens when the digital mask slips.
