Two hackers who sold the Warzone RAT as malware-as-a-service (MaaS) and provided support to their customers have been arrested, the US Department of Justice (DoJ) announced.
In a press release posted on its website, the Department of Justice said that two people, Daniel Meli (27) and Prince Onyeoziri Odinakachi (31), were charged with unauthorized damage to protected computers. Meli was also charged with “unlawfully selling and advertising an electronic interception device and participating in a conspiracy to commit various computer intrusion offenses.”
The Warzone RAT infrastructure was also confiscated and later dismantled.
“Old” malware
The malware they sold is called Warzone Remote Access Trojan (RAT) and was capable of stealing sensitive data and controlling compromised endpoints remotely. Attackers could use Warzone to explore victims' file systems, take screenshots, log keystrokes, steal login credentials, and even access people's webcams. They sold it for $38 a month, or $196 a year.
Multiple state and international law enforcement agencies were involved in the operation, the Department of Justice confirmed, including the FBI, Europol and national authorities from Australia, Canada, Croatia, Finland, Germany, Japan, Malta, the Netherlands, Nigeria and Romania. The two hackers were allegedly arrested in Mali and Nigeria.
During the operation, the police also seized the domains (warzone[.]ws, among others) that were used to sell the malware, the Department of Justice confirmed.
Warzone RAT is not new, with news reports about it dating back years. Hacker News claims that the Warzone RAT was first observed in January 2019, when a threat actor used it to attack an Italian organization in the oil and gas sector. The Justice Department maintains that Meli has offered MaaS services since at least 2012, through hacking forums, e-books and other methods. Discord was also mentioned as a way to communicate with sellers.