An international law enforcement operation led by the U.S. Department of Justice has disrupted a massive botnet, the U.S. government reports in a press release (1). The botnet was used for large-scale fraud, cyber attacks and bomb threats, among other things.

A Chinese national has been arrested on suspicion of setting up the proxy botnet called "911 S5." He allegedly distributed the malware through free Virtual Private Networks (VPNs).
The suspect, named Wang, along with others allegedly created malware and distributed it to millions of Windows computers worldwide from 2014 through mid-2022. These devices were linked to more than 19 million unique IP addresses. The suspect earned millions of dollars by providing cybercriminals with access to the IP addresses.
Wang allegedly spread his malware through free VPNs. The VPN apps allegedly involved were MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN and ShineVPN. These free, illegal VPNs were hidden in pirated video games and other software that victims downloaded onto their devices. After downloading, the VPN app along with a proxy backdoor was installed on the devices without permission, making them part of the 911 S5 botnet.
Computers from more than 200 countries were reportedly infected by the botnet. Dismantling the botnet was a multi-agency collaboration led by law enforcement agencies in the United States, Singapore, Thailand and Germany. In the process, homes were searched and assets worth about $30 million were seized.
FBI Director Christopher Wray calls 911 S5 "probably the largest botnet in the world ever."
Cybercriminals using the botnet allegedly stole billions of dollars from financial institutions, credit card issuers and federal loan programs. For example, an estimated 560,000 fraudulent claims for unemployment insurance in the United States originated from the infected computers. This reportedly led to losses of more than $6 billion.
The cybercriminals also engaged in stalking, identity fraud, bomb threats, illegal export of goods, and receiving and sending child exploitation material.
The nearly $100 million in profits this generated was spent on luxury cars, watches and real estate. If Wang, the defendant, is found guilty on all counts, he faces a maximum sentence of 65 years in prison.
Although the botnet has been taken offline, the malware remains on victims' computers. The FBI has therefore shared a comprehensive roadmap (2) on how to identify this software and remove the VPN apps.
(1) https://www.justice.gov/opa/pr/911-s5-botnet-dismantled-and-its-administrator-arrested-coordinated-international-operation
(2) https://www.fbi.gov/investigate/cyber/how-to-identify-and-remove-vpn-applications-that-contain-911-s5-backdoors
