The US government says it has seized and taken down the dangerous Warzone RAT malware

Two people suspected of being involved in Warzone RAT were also arrested

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Two hackers selling the Warzone RATmalware-as-a-service (MaaS) and offering customer support for their clients have been arrested, the US Department of Justice (DoJ) has announced.

In a press release published on the DoJ website, it was said that two individuals, Daniel Meli (27) and Prince Onyeoziri Odinakachi (31), were charged with unauthorized damage to protected computers, with Meli also being charged of “illegally selling and advertising an electronic interception device and participating in a conspiracy to commit several computer intrusion offenses."

Their infrastructure was also seized and subsequently dismantled.

“Ancient” malware

“Ancient” malware

The malware they sold is called Warzone Remote Access Trojan (RAT), and it was capable of stealing sensitive data and controlling compromised endpoints remotely. The attackers could use Warzone to browse victim file systems, grab screenshots, log keystrokes, steal login credentials, and even access people’s webcams. They sold it for $38 a month, or $196 a year.

Multiple state and international law enforcement agencies participated in the operation, the DoJ confirmed, including the FBI, Europol, and national law enforcement in Australia, Canada, Croatia, Finland, Germany, Japan, Malta, the Netherlands, Nigeria, Romania, and Europol. The two hackers were arrested in Mali and Nigeria, allegedly.

During the operation, the police also seized the domains (warzone[.]ws, among others), that were used to sell the malware, the DoJ confirmed.

Warzone RAT has been around for years, with news reports dating back years.The Hacker Newsclaims Warzone RAT was first observed in January 2019, when a threat actor used it to target an Italian organization in the oil and gas sector. The DoJ argues that Meli offered MaaS services since at least 2012, via hacking forums, through e-books, and other methods. Discord was also mentioned as a way of communicating with the sellers.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)