‘Warzone RAT’ dismantled in international law enforcement operation that also involved arrests of suspects in Malta & Nigeria.
The US Justice Department announced last Friday that the ‘Warzone RAT’ cyber-crime enterprise has been dismantled as a result of an international law enforcement operation.
US authorities have also unsealed charges brought against 2 people allegedly selling the malware & offering support to users.
Internet Domains
Authorities have seized 4 internet domains that were used to sell the ‘Warzone RAT.’
The domains now display a takedown notice informing visitors that the websites have been seized as a result of a law enforcement action involving agencies in the US, Canada, Netherlands, Germany, Croatia, Malta, Romania, Finland, Australia, & Nigeria, with support from Europol.
Servers hosting ‘Warzone RAT’ infrastructure have also been targeted in the law enforcement operation.
‘Warzone’ is a Remote Access Trojan that allows users to stealthily connect to infected devices & conduct various activities, such as browsing files, recording keystrokes, taking screenshots, stealing credentials, & spying through the computer’s camera. The cost of a ‘Warzone RAT’ ‘license’ ranged between $16 & $38 per month.
‘Ave Maria RAT’
The malware is also known as ‘Ave Maria RAT’, & it has been seen in numerous attacks, including ones linked to suspected state-sponsored threat actors.
One of those charged for his role in the ‘Warzone RAT’ operation is 27-year-old Daniel Meli of Malta. The charges are ‘causing unauthorised damage to protected computers,’ ‘illegally selling & advertising an electronic interception device,’ & ‘participating in a conspiracy to commit computer intrusions.’
‘Pegasus RAT’
Authorities outlined that Meli has been selling malware & associated services on cyber-crime forums since at least 2012. In addition to ‘Warzone RAT’, he is thought to have sold ‘Pegasus RAT,’ & allegedly offered online support to customers of both pieces of malware.
The 2nd suspect is 31-year-old Prince Onyeoziri Odinakachi of Nigeria, who has been charged with obtaining authorised access to protected computers to obtain information & causing unauthorised damage to protected computers.
Investigators think Odinakachi provided online support to ‘Warzone RAT’ customers between at least June 2019 & March 2023.
Extradition
Both Odinakachi & Meli were arrested on Feb. 7 in their home countries, & the US is seeking their extradition. If convicted, they can spend up to 10 years in prison & be ordered to pay a large fine.
The US Justice Department also announced a dedicated website where victims of the ‘Warzone RAT’ can file a report with the FBI.