Chinese national arrested in S’pore for creating malware that allowed criminals to steal billions

One of the domains used to sell access to compromised IP addresses that was seized by law enforcement agencies. - SCREENGRAB FROM INTERNET

SINGAPORE: A 35-year-old Chinese national has been arrested in Singapore for creating and operating a malware which resulted in a network of zombie computers that allowed cybercriminals to steal billions of dollars.

Wang Yunhe was arrested on May 24 in a multi-jurisdiction operation led by the United States Department of Justice (DOJ).

The Singapore Police Force (SPF) was among law enforcement agencies which took part in the international probe.

In a statement on May 29, the DOJ said Wang had allegedly worked with others between 2014 to July 2022 to create and disseminate the 911 S5 Botnet to millions of home-based Windows computers across the world.

Botnets refer to malware-laced devices that have been hijacked by hackers, without the owners’ knowledge.

Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the DOJ’s Criminal Division, said Wang allegedly created malware that compromised millions of residential computers around the world and then sold access to the infected computers to cybercriminals.

“These criminals used the hijacked computers to conceal their identities and commit a host of crimes, from fraud to cyberstalking,” she added.

The DOJ said more than 19 million Internet Protocol addresses - unique characters that identify each computer - ended up in the “world’s largest botnet (network) ever”.

“The 911 S5 Botnet infected computers in nearly 200 countries and facilitated a whole host of computer-enabled crimes, including financial frauds, identity theft, and child exploitation,” said Christopher Wray, director of the Federal Bureau of Investigation.

The DOJ said that Wang, who also holds a St. Kitts and Nevis citizenship, allegedly received US$99 million (S$134 million) from cybercriminals who tapped his network from 2018 to July 2022.

He used the money to purchase 21 properties across the US, St. Kitts and Nevis, Singapore, Thailand, China and the United Arab Emirates.

US court documents showed he resided in properties he owned in Singapore, Thailand and China, and owned and operated several companies in various jurisdictions.

They include Eternal Code in Singapore, which online business directory records show was incorporated on December 30, 2020 and struck off on November 25, 2023.

It dealt in the sale of computer software and was registered at an office building in Robinson Road.

Court documents described the firms Wang registered as “shell companies he used to conceal the identity and illegitimate nature of his 911 S5 service and its related proceeds”.

Dozens of his assets and properties may be seized, the DOJ said.

They include a Singapore-registered 2022 Ferrari F8 Spider, bank accounts with CIMB Bank, Citibank Singapore and other Thai banks, a condominium unit in Angullia Park, as well as Patek Philippe watches among others.

The DOJ said that Wang’s customers had also allegedly targeted Covid-19 relief programmes in the US, resulting in losses of more than US$5.9 billion (S$8 billion) due to fraudulent claims made from compromised IP addresses.

It added that Wang’s arrest was a multi-agency effort led by law enforcement in the US, Singapore, Thailand and Germany.

They had searched residences and seized assets valued at about US$30 million, and identified more forfeitable property valued at another US$30 million.

Law enforcement agencies also seized 23 domains and more than 70 servers located worldwide that functioned as the backbone of Wang’s criminal activities.

The US Treasury Department has also placed Wang on its sanctions list, along with two other Chinese nationals and three businesses tied to Wang.

The two - Liu Jingping and Zheng Yanni - also hold passports from St. Kitts and Nevis, both of which were issued on May 13, 2022, according to the department’s specially designated nationals list.

Liu, who is said to be Wang’s co-conspirator in laundering the proceeds from his criminal activities, shares a common address with Wang - the condominium in Angullia Park.

Zheng does not have an address in Singapore, according to the Treasury Department.

In a separate statement, it described Zheng as someone who made several business transactions and purchased real estate property on behalf of Wang.

The three firms linked to Wang are all based in Chonburi, which is south of Thailand’s capital Bangkok.

The Straits Times has contacted the FBI and SPF for more information.

For his alleged crimes, Wang faces a maximum of 65 years in a US prison if convicted on all counts. - The Straits Times/ANN

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Singapore , arrest , Chinese , malware , Wang Yunhe , zombie , computers


Next In Aseanplus News

Captain of boat involved in death of student pays US$2,500 for funeral expenses
Mavcom and CAAM merger proposal to be tabled in Parliament
Hunt on for Cambodia's illegal Pursat loggers as timber discovered
Vietnam's instant noodles no longer subject to EU’s food safety control
Port Dickson properties urged to connect sewerage systems to central facilities for environmental protection
Vietnam strengthens legal framework on child labour
Immigration detains 87 undocumented foreigners at Seremban construction site
Laos, Mongolia mull direct flight links
China, Laos vow to steer clear of disruptions, oppose camp confrontation
Sabah forest warden claims trial to charges of bribery over illegal logging

Others Also Read