FBI Seizes Domains Linked to Warzone RAT Malware Sales, Indicts Suspects
The Warzone RAT malware, a sophisticated Remote Access Trojan (RAT), was on sale via internet domains. The RAT malware enabled cybercriminals to browse victims’ file systems, take screenshots, record keystrokes, steal victims’ usernames and passwords, and watch victims through their web cameras, all without the victims’ knowledge or permission.
The operation was led by the FBI and supported by Europol and the Joint Cybercrime Action Taskforce (J-CAT).
Daniel Meli, 27, of Zabbar, Malta, was arrested on Feb. 7 at the request of the United States, following a coordinated operation by the Malta Police Force and the Office of the Attorney General of Malta, with the support of the FBI and Justice Department. Meli made his initial appearance before a Magistrate Judge in Valletta, Malta. Meli was indicted by a federal grand jury in the Northern District of Georgia on Dec. 12, 2023, for four offenses, including causing unauthorized damage to protected computers, illegally selling and advertising an electronic interception device, and participating in a conspiracy to commit several computer intrusion offenses.
According to charging documents, since at least 2012, Meli offered malware products and services for sale to cybercriminals through online computer-hacking forums. Specifically, Meli allegedly assisted cybercriminals seeking to use RATs for malicious purposes and offered teaching tools for sale, including an eBook. Meli also allegedly sold both the Warzone RAT and, before that, malware known as the Pegasus RAT, which he sold through an online criminal organization called Skynet-Corporation. He also provided online customer support to purchasers of both RATs. The Northern District of Georgia is seeking Meli’s extradition to the United States.
Separately, Prince Onyeoziri Odinakachi, 31, of Nigeria, was indicted by a federal grand jury in the District of Massachusetts on Jan. 30 for conspiracy to commit multiple computer intrusion offenses, including obtaining authorized access to protected computers to obtain information and causing unauthorized damage to protected computers.
According to charging documents, between June 2019 and no earlier than March 2023, Odinakachi provided online customer support to individuals who purchased and used the Warzone RAT malware. Law enforcement officers of the Port Harcourt Zonal Command of Nigeria’s Economic and Financial Crimes Commission arrested Odinakachi on Feb. 7.
“This action highlights the FBI’s commitment to disrupting cybercriminal actors and taking down their infrastructure,” said Assistant Director Brian Vorndran of the FBI’s Cyber Division. “The FBI is proud of the international coordination involved in this law enforcement effort, and we will continue to build global partnerships to go after cybercriminals who seek to harm the American people.”
Anyone who is a victim of a Warzone RAT computer intrusion is urged to report it to the FBI at https://wzvictims.ic3.gov.