The US government says it has seized and removed the dangerous Warzone RAT malware
Two hackers who sold the Warzone RAT malware as a service (MaaS) and provided support to their customers have been arrested, the US Department of Justice (DoJ) has announced.
In a press release published on its website, the DoJ said that two individuals, Daniel Meli (27) and Prince Onyeoziri Odinakachi (31), were charged with unauthorized damage to protected computers, with Meli also accused of “illegal selling and advertising an electronic interception device and participating in a conspiracy to commit various computer intrusion crimes.”
Their infrastructure was also seized and subsequently dismantled.
“Old” malware
The malware they sold was called Warzone Remote Access Trojan (RAT) and was capable of stealing sensitive data and remotely controlling compromised endpoints. The attackers were able to use Warzone to browse victims’ file systems, take screenshots, record keystrokes, steal login credentials, and even access people’s webcams. They sold it for $38 a month, or $196 a year.
Multiple state and international law enforcement agencies participated in the operation, the DoJ confirmed, including the FBI, Europol and national law enforcement agencies in Australia, Canada, Croatia, Finland, Germany, Japan, Malta, the Netherlands, Nigeria and Romania. The two hackers were reportedly arrested in Mali and Nigeria.
During the operation, police also seized the domains (including warzone(.)ws) used to sell the malware, the DoJ confirmed.
Warzone RAT is not new, with news reports about it going back years. The Hacker News claims that Warzone RAT was first observed in January 2019, when a threat actor used it to target an Italian organization in the oil and gas sector. The DoJ states that Meli had been offering MaaS services since at least 2012, through hacking forums, e-books and other methods. Discord was also mentioned as a way to communicate with the sellers.