The U.S. Department of Justice (DOJ) recently announced an international law enforcement operation to disrupt the 911 S5 botnet, a major cybercriminal enterprise. This operation led to the arrest of YunHe Wang, a Chinese national, for his involvement in deploying malware and operating a proxy service used for various cybercrimes. Wang’s botnet compromised millions of computers worldwide and facilitated illegal activities such as financial fraud, identity theft, and child exploitation. He is facing charges related to the deployment of malware and the operation of the residential proxy service known as “911 S5.”
From 2014 through July 2022, YunHe Wang and his associates developed and spread malware to compromise millions of residential Windows computers globally. The compromised devices generated over 19 million unique IP addresses, with 613,841 in the United States. Cybercriminals paid for access to these infected IP addresses, generating millions of dollars in revenue for Wang. He allegedly created and disseminated malware through VPN programs like MaskVPN and DewVPN, using torrent distribution and pay-per-install services. Wang managed around 150 dedicated servers, including 76 leased from U.S.-based providers, to control infected devices and run the 911 S5 service.
The 911 S5 botnet enabled various criminal activities, including financial fraud, identity theft, and child exploitation. Additionally, the botnet targeted pandemic relief programs, contributing to fraudulent unemployment claims and Economic Injury Disaster Loan (EIDL) applications linked to compromised IP addresses. These activities resulted in a confirmed fraudulent loss exceeding $5.9 billion. From 2018 to July 2022, Wang allegedly earned approximately $99 million from selling access to the hijacked IP addresses. He used the illicit proceeds to invest in properties, luxury items, high-end cars, bank accounts, cryptocurrency wallets, luxury watches, and real estate across multiple countries. Wallet addresses linked to Wang collectively contained over $130 million in digital assets obtained through illegal commissions, as revealed by Chainalysis.
In Canada, the Canadian Anti-Fraud Centre (CAFC) has warned about an increase in cryptocurrency scams targeting Canadian citizens, particularly romance scams and investment scams. Fraudsters often pose as friends, romantic interests, or legitimate investment advisers to deceive victims into fraudulent crypto investment schemes. Victims are promised unrealistic investment returns through fraudulent platforms and are eventually locked out of their funds and have their identities compromised. In 2023, investment frauds in Canada cost citizens $309.4 million, with $172 million attributed to social media-related frauds. To combat these scams, Canada plans to implement the international Crypto-Asset Reporting Framework (CARF) by 2026 to establish new reporting requirements for crypto-asset service providers for taxation purposes.
Moreover, fraudulent activities targeting South Korean cryptocurrency users have been reported. Fraudsters are using an Ethereum-themed scam where they send alarming text messages claiming that users’ ETH coins will be burned due to “long-term inactivity” unless they take immediate action. These messages, purportedly from a fake global exchange named Bit-Finance, prompt recipients to click on a phishing link and enter wallet details, potentially leading to financial losses for the victims. These scams highlight the need for increased awareness and vigilance among cryptocurrency users to protect themselves from falling prey to such fraudulent schemes.
