If you have been in the IT world for a while, you will know that free software always comes with a caveat. That caveat can take the form of spyware, trojans, or your device being quietly enrolled into a botnet.
On Wednesday 29 May 2024, the Office of Public Affairs of the US Department of Justice released an official statement on the takedown of what is likely the world's largest botnet, 911 S5, and the arrest of its alleged administrator, YunHe Wang. The botnet was used in a wide range of cybercrimes, including child exploitation, bomb threats, export violations and large-scale fraud. According to the DOJ, this was a long-running and difficult investigation that has paid off over the years.
(Image: the result of attempting to visit the 911 S5 domain.)
WHAT IS A BOTNET?
A botnet is a network of compromised computers, often referred to as "bots" or "zombies," that are controlled remotely by a malicious actor, known as a "botmaster" or "bot herder." These infected machines are typically used to perform various cybercriminal activities without the knowledge or consent of the owners of the compromised devices.
Simply put, your PC or mobile phone could be a zombie right now and you would not have the slightest idea. The infection usually happens with the user's own cooperation: you install a trojan, or some other piece of malware, that is disguised as legitimate software.
Once your device is infected, it is recruited as a bot that receives instructions from a command-and-control (C2) server run by the bot herder and carries out illicit tasks in the background. The owner of a bot may never become aware that the device is being used to attack others, send spam, or relay someone else's traffic.
WHAT IS A BACKDOOR?
A "backdoor" refers to a hidden or undocumented method of bypassing normal authentication or security controls within a system, application, or network. Backdoors are typically created intentionally by developers or attackers to allow unauthorized access to a system, often for malicious purposes.
Trojanized applications are often laced with backdoors the user never sees. The backdoor typically runs in the background whenever the device is on, when the specific app is launched, or when a particular trigger condition is met.
WHAT MAKES 911 S5 A BIG DEAL?
911 S5 stands out for its scale: about 19 million compromised IP addresses across more than 190 countries, one of the largest botnets on record. According to the US DOJ, it was a sophisticated operation: the malware was bundled into free VPN applications, and the infected devices were then sold as residential proxies, so criminals could route their traffic through a victim's IP address and effectively borrow that person's identity online, while the victim remained unaware.
THE WILD APPS USED TO TARGET VICTIMS AND
In Ghana, for instance, there has been a surge since 2023 in free VPNs, downloadable from both legitimate and questionable sources, that promise some form of free internet access. I always caution my pals about the security implications of such apps. Here are the six VPN applications identified as the carriers of the 911 S5 malware:
- MaskVPN
- DewVPN
- PaladinVPN
- ProxyGate
- ShieldVPN
- ShineVPN
All of these apps turned the devices they were installed on into bots, using the devices of innocent victims to commit crimes online and, in the worst cases, harvesting their PII (Personally Identifiable Information) to target further victims. That is what makes cleaning up after this botnet such a complex task.
Though the botnet had been operating since 2014, it was shut down in July 2022, only to re-emerge in October 2023 with better features. Per the US DOJ, it became the focus of an investigation into a money-laundering and smuggling scheme between Ghana and the USA, in which cybercriminals used compromised IP addresses bought from 911 S5 to make fraudulent purchases with stolen credit cards on ShopMyExchange, a legitimate e-commerce website. Roughly $5.5 million worth of transactions were attempted; thanks to timely intervention, only about $254,000 went through, with the rest withheld and reversed. (Unfortunately, Ghana has been flagged again for the wrong reasons; incidents like this are among the reasons the country has been blacklisted by PayPal and others.)
WHY YOU SHOULD BE CONCERNED
1. Have you ever used the 911 S5 service deliberately? If yes, you should know that your data may not be safe. It may be part of the criminal database now in the hands of the FBI and its partner agencies, and your identity could also be out there in the wild. You may have installed, for free, the very software that stole your PII.
2. Do you use a free VPN? Nothing online is truly free; there is always a caveat.
3. Have you ever installed any of the VPNs listed above? If yes, there is still some good news: steps to clean up your device and prevent re-infection are provided below.
IDENTIFYING AND REMOVING THE 911 S5 APPS AND BACKDOORS
1. Uninstall any of the above apps found on your device.
2. Check Task Manager for the processes running on your device. If any process matching the names above is running, stop it and uninstall the app it belongs to. Uninstalling the visible VPN app does not guarantee that the proxy service it dropped is gone, so check the Services list as well. This is considerably simpler to do on a PC than on a mobile phone.
3. From my own perspective and advice, you can also check your registry for any leftover entries.
4. You can also look into the "ProgramData" folder for any traces and remove them.
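As an added example (it is not from the original post and not an official FBI tool), the following PowerShell script automates steps 2 to 4 on a Windows PC: it searches running processes, installed services, the Uninstall and Run registry keys, and the usual install folders for anything matching the six app names. The name patterns are taken from the list above and are assumed here to be the only indicators; if you have the service executable names from the FBI's 911 S5 guidance, add them to $patterns. Run it from an elevated PowerShell prompt and review the output before deleting anything.

```powershell
# Added example: hunt for leftovers of the six 911 S5 VPN apps on a Windows host.
# $patterns holds the app names from this article (assumed indicators); extend it
# with the service/executable names from the FBI's 911 S5 guidance if you have them.
$patterns = @('MaskVPN', 'DewVPN', 'PaladinVPN', 'ProxyGate', 'ShieldVPN', 'ShineVPN')
$regex = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

Write-Host "== Running processes matching the indicators =="
# Step 2: match on both the process name and the image path (Path is null for
# some system processes; -match on $null simply returns false).
Get-Process | Where-Object { $_.ProcessName -match $regex -or $_.Path -match $regex } |
    Select-Object Id, ProcessName, Path | Format-Table -AutoSize

Write-Host "== Installed services matching the indicators =="
# The backdoor may survive as a service after the VPN app itself is uninstalled.
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -match $regex -or $_.DisplayName -match $regex -or $_.PathName -match $regex } |
    Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize

Write-Host "== Installed programs (Uninstall keys) =="
# Step 3: the Uninstall keys list what Add/Remove Programs knows about.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $regex } |
    Select-Object DisplayName, InstallLocation, UninstallString | Format-Table -AutoSize

Write-Host "== Autostart entries (Run keys) =="
# Persistence via the per-machine and per-user Run keys.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
        $_.PSObject.Properties |
            Where-Object { $_.Value -match $regex } |
            Select-Object @{ n = 'Key'; e = { $key } }, Name, Value
    }
}

Write-Host "== Leftover folders =="
# Step 4: ProgramData plus the other places installers usually drop files.
$dirs = @($env:ProgramData, $env:ProgramFiles, ${env:ProgramFiles(x86)},
          $env:LOCALAPPDATA, $env:APPDATA) | Where-Object { $_ }
Get-ChildItem -Path $dirs -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $regex } |
    Select-Object FullName, LastWriteTime | Format-Table -AutoSize
```

The script only reports; it does not stop services or delete anything. Once you have confirmed a hit, stop the service (Stop-Service), uninstall the program through its UninstallString, and then delete the leftover folder and Run entry. If a service keeps reappearing after removal, treat the machine as compromised and reimage it rather than chasing the remnants.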
As the internet evolves, so do the crimes and the criminals, so always choose security over free software when you are online. Avoid or limit the use of free VPNs and stay safe. Because of the cost of internet subscriptions in Ghana, many digitally literate young people are tempted to use so-called "free VPNs" to get online. I have seen a few friends who use such services that require you to watch a short video in order to gain free access to the internet. The big question is, from a cyber-security point of view, do you really know what you are doing? What permissions have you granted those apps? What is hidden in their terms and conditions and privacy policies? Always choose security over "easy-to-use free apps" and stay safe!