The U.S. Department of Justice (DOJ) announced on May 29 an international law enforcement operation to disrupt the 911 S5 botnet, a major cybercriminal enterprise. The operation resulted in the arrest of YunHe Wang, a Chinese national, for his role in deploying malware and operating a proxy service used for various cybercrimes.
Wang’s botnet compromised millions of computers worldwide and facilitated numerous illegal activities, including financial fraud, identity theft, and child exploitation.
US DOJ Operation Led To The Discovery Of the Botnet Scammer, YunHe Wang
YunHe Wang, a 35-year-old national of the People’s Republic of China and a citizen-by-investment of St. Kitts and Nevis, was arrested on May 24. He’s facing charges related to the deployment of malware and the operation of a residential proxy service known as “911 S5.”
From 2014 through July 2022, Wang and his associates allegedly developed and spread malware to compromise millions of residential Windows computers globally. The compromised devices generated over 19 million unique IP addresses, with 613,841 in the United States. Cybercriminals paid for access to these infected IP addresses, generating millions of dollars in revenue for Wang.
According to the indictment, Wang and his associates are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide.
911 S5 Botnet Dismantled and Its Administrator Arrested in Coordinated International Operation
Botnet Infected Over 19M IP Addresses to Enable Billions of Dollars in Pandemic and Unemployment Fraud, and Access to Child Exploitation Materials
🔗: https://t.co/sEdzhDoHfl
— U.S. Department of Justice (@TheJusticeDept) May 29, 2024
Wang allegedly propagated malware through VPN programs like MaskVPN and DewVPN, using torrent distribution and pay-per-install services. He managed around 150 dedicated servers, including 76 leased from U.S.-based providers, to control infected devices and run the 911 S5 service.
The 911 S5 botnet facilitated numerous crimes, including financial fraud, identity theft, and child exploitation. The botnet also targeted pandemic relief programs, with fraudulent unemployment claims and Economic Injury Disaster Loan (EIDL) applications linked to compromised IP addresses, resulting in a confirmed fraudulent loss exceeding $5.9 billion.
From 2018 to July 2022, Wang allegedly earned approximately $99 million from selling access to the hijacked IP addresses. He invested the illicit proceeds in properties and luxury items worldwide. The indictment lists assets subject to forfeiture, including high-end cars, bank accounts, cryptocurrency wallets, luxury watches, and real estate across multiple countries.
A separate analysis by the blockchain analytics company Chainalysis found that wallet addresses linked to Wang collectively contained over $130 million in digital assets obtained through illegal commissions.
Rising Crypto Scams
The Canadian Anti-Fraud Centre (CAFC) recently warned about increased cryptocurrency scams targeting Canadian citizens. These are mainly romance scams, also known as pig butchering, and investment scams.
They often involve prolonged online communication where fraudsters pose as friends, romantic interests, or legitimate investment advisers to lure victims into fraudulent crypto investment schemes.
Victims of these scams are often promised unrealistic investment returns through fraudulent platforms. Initially, they may be allowed to withdraw small amounts to appear legitimate, but eventually, their funds are locked, and their identities are compromised.
In 2023, investment frauds cost Canadians $309.4 million, with $172 million attributed to social media-related frauds. As a preventive measure, Canada plans to implement the international Crypto-Asset Reporting Framework (CARF) by 2026 to establish new reporting requirements for crypto-asset service providers for taxation purposes.
According to a recent report, fraudsters also target South Korean cryptocurrency users with an Ethereum-themed scam. In this scam, they send alarming text messages warning that users’ ETH coins will be burned due to “long-term inactivity” unless they act quickly.
The messages, which appear to come from a fake global exchange named Bit-Finance, prompt recipients to click on a phishing link and enter wallet details, potentially leading to financial losses.