The U.S. Justice Department led an international law enforcement operation that dismantled the 911 S5 proxy botnet. Law enforcement also arrested its administrator, the 35-year-old Chinese national YunHe Wang, in Singapore. The authorities sanctioned Wang and his co-conspirators. Since 2011, Wang and his co-conspirators had been distributing malware through malicious VPN applications, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN. The compromised devices were recruited into the 911 S5 residential proxy service.
“According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide.” reads the press release published by DoJ. “These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States. Wang then generated millions of dollars by offering cybercriminals access to these infected IP addresses for a fee.”
The FBI has published information at fbi.gov/911S5 to help identify and remove 911 S5’s VPN applications from your devices or machines.
The FBI shared instructions on how to identify and remove VPN Applications containing the 911 S5 bot.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued sanctions against Yunhe Wang and two other Chinese nationals, Jingping Liu and Yanni Zheng, for their role in criminal activities associated with the 911 S5 botnet. Additionally, OFAC sanctioned three entities (Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited) due to their ownership or control by Yunhe Wang.
Pierluigi Paganini
(SecurityAffairs – hacking, 911 S5 botnet)