Chinese national arrested on malware charges in international operation

SINGAPORE: The United States Department of Justice (DOJ) said a Chinese national was arrested in an international operation on charges of creating and using malware that was used in cyber attacks, large-scale fraud and child exploitation.

Singapore’s Straits Times newspaper reported on Thursday that the man, 35-year-old Wang Yunhe, was arrested in the city-state on May 24.

Wang’s arrest follows last August’s high-profile sweep of 10 Chinese citizens holding multiple nationalities charged with laundering more than $2 billion through the Asian financial hub.

The Department of Justice said in a statement dated May 29 that Wang and unnamed others allegedly “created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide”.

From 2018 until July 2022, Wang received $99 million from sales of the hijacked proxied IP addresses either in cryptocurrency or fiat currency, the DOJ said.

It said cybercriminals who bought access to the infected IP addresses then bypassed financial fraud detection systems and stole “billions of dollars from financial institutions, credit card issuers, and federal lending programmes”.

This includes fraudulent loss exceeding $5.9 billion from 560,000 fraudulent unemployment insurance claims originating from compromised IP addresses, said the DOJ.

“Wang used the illicitly gained proceeds to purchase real property in the United States, St. Kitts and Nevis, China, Singapore, Thailand, and the United Arab Emirates,“ the DOJ statement said.

It said Wang’s assets and properties included sports cars, more than a dozen domestic and international bank accounts, over two dozen cryptocurrency wallets, luxury watches and 21 properties across several countries.

Matthew S. Axelrod, assistant secretary for export enforcement at the U.S. Department of Commerce’s Bureau of Industry and Security, said the case read like a screenplay.

“A scheme to sell access to millions of malware-infected computers worldwide, enabling criminals over the world to steal billions of dollars, transmit bomb threats, and exchange child exploitation materials—then using the scheme’s nearly $100 million in profits to buy luxury cars, watches, and real estate,“ said Axelrod.

DOJ said the operation was a multiagency effort led by law enforcement in the U.S., Singapore, Thailand, and Germany.