The U.S. Department of Justice (DoJ) has announced the seizure of online infrastructure associated with the Warzone RAT, a remote access trojan used for cybercriminal activities. This action follows a coordinated effort involving the FBI, which covertly purchased copies of the malware to confirm its malicious capabilities. The international operation saw collaboration from Europol and from authorities in multiple countries, including Australia, Canada, Croatia, Finland, Germany, Japan, Malta, the Netherlands, Nigeria, and Romania.
Additionally, the DoJ revealed that two individuals, Daniel Meli and Prince Onyeoziri Odinakachi, have been arrested and indicted in Malta and Nigeria for their involvement in selling and supporting the Warzone RAT and aiding cybercriminals in malicious activities. Meli, accused of offering malware services since 2012, provided online support and sold RATs such as Pegasus RAT prior to Warzone RAT. Odinakachi also offered customer support for Warzone RAT purchasers between 2019 and 2023.
Warzone RAT, also known as Ave Maria, operates under a malware-as-a-service (MaaS) model, facilitating remote control and information theft on infected systems. Notable features include browsing victim file systems, recording keystrokes, stealing usernames and passwords, and activating webcams without consent. Despite efforts by cybercriminals to market the malware as reliable and easy to use, law enforcement agencies have successfully dismantled its online infrastructure and taken action against those involved in its distribution and support.
- International Cybercrime Malware Service Dismantled by Federal Authorities: Key Malware Sales and Support Actors in Malta and Nigeria Charged in Federal Indictments