Teacher
Professional
- Messages
- 2,669
- Reaction score
- 819
- Points
- 113
The US Department of Justice dismantled the Warzone RAT infrastructure and arrested key individuals.
The US Department of Justice has announced the confiscation of the online infrastructure used to sell a remote access trojan (RAT) called Warzone RAT. 4 domains were seized, including www.warzone[.]ws .
As part of the operation, international law enforcement agencies arrested and charged two individuals in Malta and Nigeria for their involvement in selling and supporting malware, as well as for helping other cybercriminals use the Trojan for malicious purposes.
The defendants, Daniel Meli, 27, and Prince Oneoziri Takachi, 31, are charged with unauthorized damage to protected computers, with the former also charged with "illegally selling and advertising an electronic interception device, and conspiring to commit multiple computer intrusions."
It is alleged that Meli has been offering malware services since at least 2012 through hacker forums, distributing e-books, and helping other criminals use RAT to conduct cyberattacks. Like Meli, Apache has also been providing online support to buyers of the Warzone RAT malware since June 2019.
Sold under the MaaS model for $38 per month (or $196 per year), the Warzone RAT (Ave Maria) functions as an infostiler and provides remote management, allowing an attacker to take over infected hosts for further use. Notable features of the malware include the ability to view victims 'file systems, take screenshots, record keystrokes (keylogging), steal victims' credentials, and secretly activate computer webcams.
The DoJ reported that the FBI secretly acquired copies of Warzone RAT and confirmed its malicious features. The coordinated operation included assistance from the authorities of Australia, Canada, Croatia, Finland, Germany, Japan, Malta, the Netherlands, Nigeria, Romania and Europol.
The US Department of Justice has announced the confiscation of the online infrastructure used to sell a remote access trojan (RAT) called Warzone RAT. 4 domains were seized, including www.warzone[.]ws .
As part of the operation, international law enforcement agencies arrested and charged two individuals in Malta and Nigeria for their involvement in selling and supporting malware, as well as for helping other cybercriminals use the Trojan for malicious purposes.
The defendants, Daniel Meli, 27, and Prince Oneoziri Takachi, 31, are charged with unauthorized damage to protected computers, with the former also charged with "illegally selling and advertising an electronic interception device, and conspiring to commit multiple computer intrusions."
It is alleged that Meli has been offering malware services since at least 2012 through hacker forums, distributing e-books, and helping other criminals use RAT to conduct cyberattacks. Like Meli, Apache has also been providing online support to buyers of the Warzone RAT malware since June 2019.
Sold under the MaaS model for $38 per month (or $196 per year), the Warzone RAT (Ave Maria) functions as an infostiler and provides remote management, allowing an attacker to take over infected hosts for further use. Notable features of the malware include the ability to view victims 'file systems, take screenshots, record keystrokes (keylogging), steal victims' credentials, and secretly activate computer webcams.
The DoJ reported that the FBI secretly acquired copies of Warzone RAT and confirmed its malicious features. The coordinated operation included assistance from the authorities of Australia, Canada, Croatia, Finland, Germany, Japan, Malta, the Netherlands, Nigeria, Romania and Europol.
