YunHe Wang Arrested by US DOJ for Alleged $130M Botnet Scam
The United States Department of Justice (DOJ) announced on May 29th an international operation to disrupt the 911 S5 botnet, a significant cybercriminal organization. The operation resulted in the arrest of YunHe Wang, a Chinese national, who is accused of deploying malware and running a proxy service that facilitated various cybercrimes.
Wang’s botnet compromised millions of computers worldwide and enabled numerous illegal activities, including financial fraud, identity theft, and child exploitation.
YunHe Wang, a 35-year-old individual from the People’s Republic of China and a citizen-by-investment of St. Kitts and Nevis, was apprehended on May 24th. He is now facing charges related to the distribution of malware and the operation of a residential proxy service known as “911 S5.”
Between 2014 and July 2022, Wang and his associates allegedly developed and disseminated malware that compromised millions of residential Windows computers across the globe. These compromised devices produced over 19 million unique IP addresses, with 613,841 originating from the United States. Cybercriminals paid Wang for access to these infected IP addresses, resulting in millions of dollars in revenue.
According to the indictment, Wang and his associates are accused of creating and spreading malware to compromise and control a network of millions of residential Windows computers worldwide.
Wang allegedly propagated malware through VPN programs such as MaskVPN and DewVPN, utilizing torrent distribution and pay-per-install services. He managed approximately 150 dedicated servers, including 76 leased from US-based providers, to control the infected devices and operate the 911 S5 service.
The 911 S5 botnet facilitated a wide range of crimes, including financial fraud, identity theft, and child exploitation. The botnet also targeted pandemic relief programs, with compromised IP addresses linked to fraudulent unemployment claims and Economic Injury Disaster Loan (EIDL) applications, resulting in confirmed losses exceeding $5.9 billion.
From 2018 to July 2022, Wang allegedly earned approximately $99 million by selling access to the hijacked IP addresses. He invested the illicit proceeds in properties and luxury items worldwide. The indictment includes a list of assets subject to forfeiture, including high-end cars, bank accounts, cryptocurrency wallets, luxury watches, and real estate in multiple countries.
A separate analysis conducted by the blockchain analytics company Chainalysis revealed that wallet addresses linked to Wang collectively held over $130 million in digital assets obtained through illegal means.
Rising Crypto Scams
The Canadian Anti-Fraud Centre (CAFC) recently issued a warning about the increasing number of cryptocurrency scams targeting Canadian citizens. These are primarily romance scams, also known as pig butchering, and investment scams.
Fraudsters often engage in prolonged online communication, pretending to be friends, romantic partners, or legitimate investment advisors to lure victims into fraudulent cryptocurrency investment schemes.
Victims of these scams are often promised unrealistic returns on their investments through fraudulent platforms. Initially, they may be allowed to withdraw small amounts to create an appearance of legitimacy, but eventually, their funds are locked, and their identities are compromised.
In 2023, investment frauds cost Canadians $309.4 million, with $172 million attributed to frauds related to social media. As a preventive measure, Canada plans to implement the international Crypto-Asset Reporting Framework (CARF) by 2026, which will establish new reporting requirements for crypto-asset service providers for taxation purposes.
According to a recent report, fraudsters are also targeting South Korean cryptocurrency users with an Ethereum-themed scam. In this scam, recipients receive alarming text messages warning that their ETH coins will be burned due to “long-term inactivity” unless immediate action is taken.
The messages, appearing to originate from a fake global exchange called Bit-Finance, prompt recipients to click on a phishing link and enter their wallet details, potentially resulting in financial losses.