International Organizational Resilience Awards

US says it dismantles ‘Warzone RAT’ malware service, suspects arrested

By Nate Raymond

BOSTON, Feb 9 (Reuters) – U.S. authorities on Friday said they had seized websites used to sell cybercriminals malware called “Warzone RAT” that could be used to steal data from victims’ computers.

Two people in Malta and Nigeria have been arrested on related charges, they added.

Federal prosecutors in Boston said law enforcement had taken down four domains that together offered to sell malware, which allowed cybercriminals to secretly connect to peoples’ computers for malicious purposes.

The malware, a so-called remote access trojan, allowed hackers to browse file systems, take screenshots, obtain a victim’s user names and passwords, record keystrokes and watch computer users through their web cameras, prosecutors said.

Jodi Cohen, head of the Federal Bureau of Investigation’s Boston office, called it sophisticated malware that was used to infect computers globally.

Two individuals abroad are now in detention and have been indicted in the United States over their alleged involvement.

An indictment filed in federal court in Atlanta charged Daniel Meli, 27, of Zabbar, Malta with causing unauthorized damage to protected computers and other cyber-related offenses.

Prosecutors said since 2012, he had sold malware products like the Warzone RAT through online computer-hacking forums and offered teaching tools, including an eBook, for sale. The U.S. government is seeking his extradition.

Prince Onyeoziri Odinakachi, 31, of Nigeria, was charged in an indictment filed in Boston with conspiracy to commit multiple computer intrusion offenses, prosecutors said.

The indictment alleged that from June 2019 to March 2023, Odinakachi provided Online Sex customer support to users of the Warzone RAT malware.

Defense lawyers for Meli and Odinakachi could not be immediately identified. (Reporting by Nate Raymond in Boston, editing by David Ljunggren)