FBI Dismantles a Botnet With an Army of 20 Million Zombie PCs. They Were Infected by Rogue VPNs

  • MaskVPN, DewVPN, and other similar apps compromised the security of Windows PCs.

  • Hackers have used infected computers to commit many cybercrimes.


Law enforcement officials have arrested the alleged creator of the world’s largest botnet. YunHe Wang, a 35-year-old Chinese citizen, was charged with allegedly using malware to infect more than 19 million computers that became “zombies.” Hackers used these PCs to commit crimes including harassment, bomb threats, bank fraud, and child exploitation.

The Department of Justice and the FBI led the operation, which also involved security agencies from Singapore, Thailand, and Germany. As a result of the raid, which took place on May 24, authorities confiscated several computers and identified a dozen assets and luxury goods for seizure, including Ferrari, Rolls Royce, and BMW cars.

Goodbye to a Dangerous Zombie Computer Network

Wang, along with others whose names authorities haven’t yet revealed, allegedly set up a complex malware scheme. It consisted of infecting many computers around the world and selling access to them to other cybercriminals for a fee that, according to the investigation, would have amounted to millions of dollars in illicit proceeds.

The Department of Justice believes that the 911 S5 service, as they called it, contained at least 19 million unique IP addresses, which could translate to at least that many infected computers, or even more. Just over 600,000 IP addresses were from the U.S. This massive botnet has been operating in more than 200 countries since 2014. Many criminals used it to commit a range of cybercrimes.

One interesting aspect is how Wang and his gang infected the computers. He added new PCs to his 911 S5 network by spreading malware through various functional VPN apps. The VPNs identified include MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, and ShineVPN.


If you have any of the above applications installed on a Windows computer, the FBI recommends removing them. Before taking any action, however, it’s advisable to make a backup copy of the computer’s data. Ideally, let a professional carry out the disinfection. The VPN apps were not the only way the culprits spread their malware.


Wang also included his malware in pirated software, that is, copies of programs that promised to work without a license. The cybercriminal offered to include his malware in specific versions of programs for his customers. Wang planned to make money by making his botnet available to other cybercriminals.

According to authorities, the fraudulent scheme had escalated to the point where Wang was managing approximately 150 dedicated servers worldwide, including approximately 76 in the U.S. In addition, the cybercriminals used the infected computers to commit serious crimes, such as sharing child pornography.
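To check a Windows PC for the six VPN apps named above before removing them, the following PowerShell sketch looks for their names among installed programs, running processes, and services. It is an added example, not taken from the FBI or the original article; the function name `Test-RogueVpnName` and the loose name matching are assumptions, and a hit is a lead to review rather than proof of infection.

```powershell
# Added example. App names are from the article; the registry paths are the
# standard Windows installed-program locations, not published 911 S5 indicators.
$AppNames = 'MaskVPN','DewVPN','PaladinVPN','ProxyGate','ShieldVPN','ShineVPN'

function Test-RogueVpnName {
    param([string]$Text)
    # Normalise so "Mask VPN", "mask-vpn" and "MASKVPN.exe" all compare equal
    # (these spelling variants are assumed, not reported by the article).
    $norm = ($Text -replace '[^A-Za-z0-9]', '').ToLowerInvariant()
    foreach ($n in $AppNames) {
        if ($norm.Contains($n.ToLowerInvariant())) { return $n }
    }
}

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$findings = @()

# 1. Installed programs (machine-wide 64-bit, 32-bit, and per-user entries)
$findings += @(Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hit = Test-RogueVpnName $_.DisplayName
        if ($hit) { [pscustomobject]@{ Source = 'InstalledProgram'; Match = $hit
                                       Name = $_.DisplayName; Detail = $_.InstallLocation } }
    })

# 2. Running processes (Path can be empty without administrator rights)
$findings += @(Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
        $hit = Test-RogueVpnName $_.ProcessName
        if ($hit) { [pscustomobject]@{ Source = 'Process'; Match = $hit
                                       Name = $_.ProcessName; Detail = $_.Path } }
    })

# 3. Services, matched on service name, display name, and binary path
$findings += @(Get-CimInstance -ClassName Win32_Service -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hit = Test-RogueVpnName "$($_.Name) $($_.DisplayName) $($_.PathName)"
        if ($hit) { [pscustomobject]@{ Source = 'Service'; Match = $hit
                                       Name = $_.Name; Detail = $_.PathName } }
    })

if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize -Wrap }
else { 'No installed program, process, or service matches the listed VPN names.' }
```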

Images | Xataka On with Bing Image Creator
