Key suspect in global malware ring caught
text size

Key suspect in global malware ring caught

Chinese national earned $100m from selling infected IP addresses to other crooks, say US officials

(Photo: Reuters)
(Photo: Reuters)

SINGAPORE - A Chinese national has been arrested in an international operation on charges of creating and using malware that was used in cyberattacks, large-scale fraud and child exploitation, according to US authorities.

Wang Yunhe, 35, was arrested in Singapore on May 24, the Straits Times newspaper reported on Thursday.

His arrest follows a high-profile sweep last August that rounded up 10 Chinese citizens holding multiple nationalities charged with laundering more than $2 billion through Singapore-based financial instututions.

The US Department of Justice (DOJ) said in a statement on Wednesday that Wang and unnamed others "created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide".

From 2018 until July 2022, Wang received $99 million from sales of the hijacked proxied IP addresses either in cryptocurrency or fiat currency, the DOJ said.

It said cybercriminals who bought access to the infected IP addresses then bypassed financial fraud detection systems and stole "billions of dollars from financial institutions, credit card issuers and (US) federal lending programmes".

The losses included $5.9 billion from 560,000 fraudulent US unemployment insurance claims originating from compromised IP addresses, said the DOJ.

"Wang used the illicitly gained proceeds to purchase real property in the United States, St Kitts and Nevis, China, Singapore, Thailand and the United Arab Emirates," the DOJ statement said.

It said Wang's assets and properties included sports cars, more than a dozen domestic and international bank accounts, over two dozen cryptocurrency wallets, luxury watches and 21 properties across several countries.

Matthew Axelrod, assistant secretary for export enforcement in the Bureau of Industry and Security at the US Department of Commerce, said the case read like a screenplay.

"A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats and exchange child exploitation materials — then using the scheme’s nearly $100 million in profits to buy luxury cars, watches and real estate," said Axelrod.

The DOJ said the operation was a multi-agency effort led by law enforcement in the US, Singapore, Thailand and Germany.

Do you like the content of this article?