The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation.
Daniel Meli, 27, a resident of Malta, was arrested last week for his role in the proliferation of Warzone RAT (aka 'AveMaria'), a remote access trojan with a long history of use in cybercrime.
Warzone RAT is
commodity malware created in 2018 that offers numerous features to aid cybercrime, including UAC bypass, hidden remote desktop, cookie and password stealing, keylogging, webcam recording, file operations, reverse proxy, remote shell, and process management.
The Malta police arrested Meli at the request of the U.S. law enforcement authorities, who issued an indictment against him on December 12, 2023.
The accusations concern offenses of unauthorized damage to protected computers, illegally selling and advertising an electronic interception device, and participating in a conspiracy to commit several computer intrusion offenses.
Meli was arrested on February 7, 2024, during a coordinated operation carried out by the Malta Police Force, the Office of the Attorney General of Malta, and supported by the U.S. Department of Justice (DoJ) and the FBI.
At the same time, Federal authorities in Boston seized four domains connected to Warzone RAT, including "warzone.ws," which was the malware's primary website.
A second indictment issued by a federal grand jury in the District of Massachusetts on January 30, 2024, targets Prince Onyeoziri Odinakachi, 31, of Nigeria, who is accused of providing customer support to cybercriminals buying access to Warzone RAT.
Odinakachi was arrested in Nigeria on February 7, simultaneously with Meli's arrest and the takedown of the malware's selling domains.
Apart from the arrests and seizure of the sites, the international law enforcement effort led by the FBI also resulted in identifying and confiscating server infrastructure linked to the malware, including in Canada, Croatia, Finland, Germany, the Netherlands, and Romania.
