© 2025 CoolTechZone - Latest tech news,
product reviews, and analyses.

Millions of computers part of botnet because of backdoor in VPN apps


Over 19 million computers in 190 countries have become part of the 911 S5 botnet. Users downloaded free, but malicious VPN apps with a backdoor.

Whoever installed MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN or ShineVPN, were automatically made part of the 911 S5 botnet. According to the FBI which recently dismantled the botnet, it was “one of the largest residential proxy services and botnet” in the world.

The 911 S5 botnet provided criminals access to compromised IP addresses and associated devices owned by individuals and businesses by distributing malicious proxy backdoors that were built into VPN applications.

“Free, illegitimate VPNs were packaged within pirated video games and software that victims downloaded on devices or machines. Once the download was complete, the VPN application and proxy backdoor were both installed silently on victims’ devices without their consent, unknowingly becoming a victim of the 911 S5 botnet,” the FBI says in a public service announcement.

The backdoor enabled 911 S5 users to re-route their devices through victims’ devices, allowing them to carry out all sorts of crimes, such as financial fraud, identity theft, distribution of child sexual abuse material (CSAM) and cyber stalking to name a few. By using the built in backdoor, it appeared as if victims were responsible for the criminal activities.

The FBI estimates that the 911 S5 botnet has caused billions of dollars in damages. The intelligence and security service has recently dismantled the botnet. The alleged administrator, a 35 year old man from the People’s Republic of China, has been arrested.

This is how you protect yourself against botnets

The FBI posted instructions online on how to identify and remove the VPN applications that contain the dreaded 911 S5 botnet backdoor. You open the Task Manager using Control+Alt+Delete on the keyboard and look for MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN or ShineVPN. If the Task Manager doesn’t show any of these VPNs, use the search function on the Start menu.

If one of the VPN apps is installed on your computer, then remove it by going to the ‘Add or remove programs’ menu. After the application is uninstalled, you can try to verify that the application has been removed by clicking on the Windows Icon and typing ‘File Explorer’. If you don’t see any folders labeled after the VPNs, then the malicious software is permanently removed.

The FBI, Defense Criminal Investigative Service (DCIS), and Department of Commerce (DoC) recommend avoiding questionable websites and adds, because interacting with these pages often initiates malware installation on users’ devices. They also advise to ignore suspicious emails and use antivirus software to detect and remove malware.


Leave a Reply

Your email address will not be published. Required fields are marked