FBI Advises Deleting PaladinVPN, DewVPN, MaskVPN, and More
These top free VPN services are reportedly involved in a botnet cybercrime syndicate.
On May 29, 2024, the Federal Bureau of Investigation (FBI) seized the domains of six free VPN services over claims of supporting a proxy botnet.
The campaign, dubbed 911 S5, involved a large ring of hackers exploiting the VPNs to compromise user devices, causing victims to lose billions of dollars.
The seized domains include the popular PaladinVPN that boasted thousands of users. Others scooped in this dragnet are DewVPN, MaskVPN, ProxyGate, ShieldVPN, and ShineVPN.
The chronology of events
In early April 2024, Microsoft sounded the alarm on PaladinVPN through its Windows Defender security suite, cautioning users that the VPN service was potentially masquerading as a trojan on Windows-based PCs.
This forced PaladinVPN’s team to lodge a complaint with the software giant on April 24, 2024, calling the move erroneous. Further, the vendor advised its customers to ignore the warning, claiming its VPN was safe, and referred them to our review of the service, which we have since removed.
Shortly after, on May 15, 2024, PaladinVPN unexpectedly shut down its service and listed its domain for sale for US$10,000. Surprisingly, the rest of the involved VPNs stopped functioning around the same time.
On May 29, 2024, the FBI seized the domains of the aforementioned vendors and labeled them “illegitimate VPN applications.” Visiting the vendors’ websites displays the warning below, indicating the FBI’s takeover of the vendors’ domains.
Why the FBI Seized PaladinVPN + five other free VPN services
Users who downloaded PaladinVPN, DewVPN, MaskVPN, ProxyGate, ShieldVPN, and ShineVPN unknowingly became victims of the 911 S5 botnet, as mentioned by the FBI.
The VPN apps apparently allowed intruders to create backdoors on the victims’ devices, enabling them to conduct cybercrime activities. These include “Bomb threats, financial fraud, identity theft, child exploitation, and initial access brokering,” according to the FBI’s report.
This illegal operation comprised one of the largest botnets riding on residential proxy services, constituting 19 million compromised IP addresses across 190+ countries.
So far, the US Office of Foreign Assets Control (OFAC), with the help of the FBI, has imposed sanctions on various persons and organizations, as reported by Spiceworks.
Notable individuals include three Chinese masterminds: Jingping Liu, Yunhe Wang, and Yanni Zheng. They’re suspected to be the primary architects of the fraud, which has so far cost victims billions of dollars in losses.
The sanctions also targeted Thailand-based companies Lily Suites Company Limited, Spicy Code Company Limited, and Tulip Biz Pattaya Group Company Limited. These provided a channel for laundering the money obtained from the botnet’s operations.
How to remove the illegal VPNs
The FBI has issued a caution advising users of the condemned VPNs to uninstall them. You can quickly do this by following these steps:
- Install a free version of Revo Uninstaller.
- Run the app, look for the illegal VPN, and select Uninstall.
- Skip making a system restore point and Continue.
- Choose the option to uninstall the VPN and all of its components.
- Select Advanced to scan for any remnants of the app. This process may take a few seconds to complete.
- Select all registry items and delete the data.
- Choose all leftover files and click delete.
That’s all it takes to do away with the illegal VPNs.
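As an added example (not from the FBI or from this article's original text), the read-only PowerShell check below can be run before and after the steps above to confirm that nothing matching the six product names is still installed, running, or registered as a service. Matching on display, process, and service names is an assumption; the article does not list the exact entries these apps create.

```powershell
# Added example: read-only check for the six VPN apps named in this article.
# Assumption: each app registered itself under a name containing the product
# name. The article does not give exact registry keys, file names or services.
$names   = 'PaladinVPN', 'DewVPN', 'MaskVPN', 'ProxyGate', 'ShieldVPN', 'ShineVPN'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Standard Windows locations where installed programs are listed
# (64-bit, 32-bit on 64-bit Windows, and per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Find-ListedVpnInstall {
    # -match is case-insensitive; entries without a DisplayName never match.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $pattern } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation
}

function Find-ListedVpnProcess {
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.ProcessName -match $pattern } |
        Select-Object ProcessName, Id, Path
}

function Find-ListedVpnService {
    Get-Service -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern -or $_.DisplayName -match $pattern } |
        Select-Object Name, DisplayName, Status
}

$installs  = @(Find-ListedVpnInstall)
$processes = @(Find-ListedVpnProcess)
$services  = @(Find-ListedVpnService)

if (($installs.Count + $processes.Count + $services.Count) -eq 0) {
    Write-Output 'No installed entry, process or service matches the listed VPN names.'
} else {
    Write-Output 'Matches found. Uninstall them, then re-run this check:'
    $installs  | Format-List
    $processes | Format-Table -AutoSize
    $services  | Format-Table -AutoSize
}
```

A clean result only means no name matched; it does not prove the device was never affected.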
Moving forward
Our review of PaladinVPN raised doubts about its security and privacy. The vendor admittedly used devices installed with the VPN as a part of a residential proxy.
In fact, the company claimed its partners paid for the service to make it free for everyone. Accordingly, this debacle unearths the lengths to which free VPN providers can go to generate revenue.
Overall, going with a premium VPN service is your best bet to keep your browsing private and secure. It’s better to go with a reputable provider than risk it all using a dodgy cost-free service.