An international law enforcement operation led by the US Department of Justice has disrupted a massive botnet. The American government reported this in a press release. The botnet was used for large-scale fraud, cyber attacks and bomb threats, among other things.

A Chinese national has been arrested on suspicion of setting up the proxy botnet, dubbed ‘911 S5’. He allegedly distributed the malware via free Virtual Private Networks (VPNs).

Millions of Computers Ended up in a Botnet via VPNs

The suspect, named Wang, together with others, is said to have created and distributed malware through millions of Windows computers worldwide from 2014 to mid-2022. These devices were associated with more than 19 million unique IP addresses. The suspect made millions of dollars by offering cybercriminals access to these IP addresses.

Wang is said to have distributed his malware via free VPNs. This would concern the VPN apps MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN and ShineVPN. These free, pirated VPNs were hidden in pirated video games and other software that victims downloaded onto their devices. Once downloaded, the VPN app, along with a proxy backdoor, was installed on the devices without permission, making them part of the 911 S5 botnet.

Computers from more than 200 countries are said to have been infected by the botnet. Dismantling the botnet was a multi-agency effort led by law enforcement agencies in the United States, Singapore, Thailand and Germany. Homes were searched and assets worth approximately $30 million were seized.

FBI Director Christopher Wray calls 911 S5 “likely the world’s largest botnet ever.”

Large-scale Fraud, Bomb Threats and Child Exploitation

Cybercriminals using the botnet are said to have stolen billions of dollars from financial institutions, credit card issuers and federal loan programs. For example, an estimated 560,000 fraudulent unemployment insurance claims in the United States have been filed from the infected computers. This has resulted in a loss of more than $6 billion.

The cybercriminals were also guilty of stalking, identity fraud, reporting bomb threats, illegal export of goods, and receiving and sending child exploitation material.

The nearly $100 million in profits this generated was invested in buying luxury cars, watches and real estate. If Wang, the suspect, is found guilty on all counts, he faces a maximum sentence of 65 years in prison.

FBI Explains how to Uninstall VPN Apps

Although the botnet has been taken offline, the malware still remains on victims’ computers. The FBI has therefore shared a detailed step-by-step plan on how to identify this software and how to remove the VPN apps.

This case shows that free VPN apps can be unsafe. It is therefore important to always pay attention to what you download. Still interested in a free VPN? Then take a look at our article on the best free VPNs, where we’ve highlighted some good, secure options.