The US government says it has seized and taken down the dangerous Warzone RAT malware

(Image credit: Pixabay)

Two hackers selling the Warzone RAT malware-as-a-service (MaaS) and offering customer support for their clients have been arrested, the US Department of Justice (DoJ) has announced. 

In a press release published on the DoJ website, it was said that two individuals, Daniel Meli (27) and Prince Onyeoziri Odinakachi (31), were charged with unauthorized damage to protected computers, with Meli also being charged of “illegally selling and advertising an electronic interception device and participating in a conspiracy to commit several computer intrusion offenses."

Their infrastructure was also seized and subsequently dismantled.

"Ancient" malware

The malware they sold is called Warzone Remote Access Trojan (RAT), and it was capable of stealing sensitive data and controlling compromised endpoints remotely. The attackers could use Warzone to browse victim file systems, grab screenshots, log keystrokes, steal login credentials, and even access people’s webcams. They sold it for $38 a month, or $196 a year. 

Multiple state and international law enforcement agencies participated in the operation, the DoJ confirmed, including the FBI, Europol, and national law enforcement in Australia, Canada, Croatia, Finland, Germany, Japan, Malta, the Netherlands, Nigeria, Romania, and Europol. The two hackers were arrested in Mali and Nigeria, allegedly. 

During the operation, the police also seized the domains (warzone[.]ws, among others), that were used to sell the malware, the DoJ confirmed. 

Warzone RAT has been around for years, with news reports dating back years. The Hacker News claims Warzone RAT was first observed in January 2019, when a threat actor used it to target an Italian organization in the oil and gas sector. The DoJ argues that Meli offered MaaS services since at least 2012, via hacking forums, through e-books, and other methods. Discord was also mentioned as a way of communicating with the sellers.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.