The country’s first case of illegally obtaining information using "Clean Fan" software was solved

　　Scan the code and beware!

The country’s first case of illegally obtaining information using "Clean Fan" software was solved

　　Extremely fast fan cleaning, safety and stability, space saving, memory release, no traces left in detection... Many WeChat users have seen similar "fan cleaning" ads in Moments.

On September 14, on the occasion of the 2020 National Cyber ​​Security Propaganda Week, the Public Security Bureau of Nantong City, Jiangsu Province disclosed to the public that they successfully detected an illegal acquisition of computer information system data by using WeChat "cleaning powder" software in the "Net Net 2020" special operation. In the case, all five suspects involved in the crime were arrested.

　　In just three months, the criminal group illegally obtained more than 20 million WeChat group chat QR codes from users under the name of "cleaning up zombie fans," and illegally made more than 2 million yuan in profits.

This is the first such case uncovered by public security organs across the country.

　　In order to save trouble and convenience, some WeChat users will choose the "clean fan" service.

Afterwards, some users found that strangers entered the group by scanning the QR code they shared, or they were drawn into some advertising groups.

　　In June of this year, the police of the Network Security Detachment of the Nantong Public Security Bureau discovered during their work that some of the "cleaning fans" software spread in WeChat Moments and group chats had great security risks.

　　Xu Pingnan, deputy captain of the third team of the Network Security Division of the Nantong Public Security Bureau, said that the principle of the "clean fan" software is to control the WeChat account through the application of the cluster control software, automatically send messages to all friends, and then the software automatically recognizes which "zombie fans" are. And delete it.

After obtaining the control authority of the WeChat account, the suspect seized the opportunity to illegally obtain the user's WeChat group chat QR code information, and save these group chat QR codes in the form of pictures on the server, and resell them to downstream frauds, gambling and other crimes The gang profited.

　　On July 3, Nantong Public Security Bureau established a task force to carry out its work.

The task force's research and judgment found that since February this year, strangers have frequently scanned codes into groups to spread illegal advertisements such as gambling, marketing, and even fraud. There have been more than 1,500 related cases involving more than 20 provinces and cities.

　　The task force finally locked a piece of software called "Wei Qing", which was suspected of being serious.

Xu Pingnan said that in order to attract people to use, this software spreads among WeChat users through various channels under the banner of the official fan cleaning team. Once someone clicks on the scan login detection, they can directly log in to their WeChat through the backend server and get all the information. User permissions.

　　On July 22, with the support of the public security organs in Shaoguan, Renhua, Hubei, and Tianmen in Hubei, the police of the task force arrested all five criminal suspects involved in the case.

After investigation, the criminal gang has a clear division of labor. Zhang, Liu, and He are responsible for system development and maintenance, Li is responsible for selling QR codes for profit, and Tan is responsible for attracting traffic to the WeChat public account for profit.

According to the police, the gang did not obtain official authorization, but rented servers to build their own systems.

　　"Platformization, specialization, high level of refinement, and strong concealment." said Zhang Jian, the leader of the network security detachment of Nantong Public Security Bureau, from illegally obtaining personal information of WeChat users to downstream advertising, marketing and other networks Crime and related cyber black and gray industries have formed an industry chain with independent and closely coordinated links.

　　Nantong Net Police reminded that once you agree to use this type of "fan cleaning" software, it means that your account is completely "taken over" by others, and criminals can easily obtain relevant personal information.

It is recommended that netizens try not to use plug-ins and software that break official software agreements or have plug-in functions to avoid possible risks.

　　Su Jinan, China Youth Daily, China Youth Daily reporter Li Chao Source: China Youth Daily