Cybercrime , Fraud Management & Cybercrime , Malware as-a-Service

2 Men Arrested in Malta, Nigeria for Hawking Malware on Hacking Forums Since 2012 Cal Harrison • February 9, 2024    

Federal authorities have seized internet domains and arrested two men in Malta and Nigeria who they say served as sales and customer service reps for a dark web business that sold RAT malware to cybercriminals over a 12-year period, leading to the “takeover and infection of computers worldwide.”

See Also: OnDemand Panel | Securing Operational Excellence: Thwarting CISOs 5 Top Security Concerns

According to a U.S. Justice Department statement on Friday, authorities in Malta arrested Daniel Meli, 27, of Zabbar, Malta, on Wednesday at the DOJ’s request. Meli, who made his initial appearance before a magistrate judge in Valletta, Malta, is facing charges from a federal grand jury indictment in the U.S. District Court for the Northern District of Georgia returned on Dec. 12, 2023, which accuses him of causing unauthorized damage to protected computers, illegally selling and advertising an electronic interception device, and participating in a conspiracy to commit several computer intrusion offenses.

Authorities said he marketed, sold and maintained two widely used strains of malware – Warzone RAT and an earlier version known as the Pegasus RAT – in online computer-hacking forums since at least 2012.

“Specifically, Meli allegedly assisted cybercriminals seeking to use RATs for malicious purposes and offered teaching tools for sale, including an eBook,” the DOJ said. “He sold through an online criminal organization called Skynet-Corporation. He also provided online customer support to purchasers of both RATs.”

Authorities in Boston seized www.warzone.ws and three related domains that “sold the Warzone remote access Trojan, which gives cybercriminals the ability to” browse victim file systems, take screenshots, record keystrokes, steal victim usernames and passwords, and watch victims through their web cameras.”

FBI agents in Massachusetts covertly bought and analyzed the Warzone RAT malware and confirmed its malicious capabilities, according to court documents.

Also arrested on Wednesday was Prince Onyeoziri Odinakachi, 31, of Nigeria, by the Port Harcourt Zonal Command of Nigeria’s Economic and Financial Crimes Commission. A federal grand jury in the U.S. District Court for the District of Massachusetts on Jan. 30 indicted Odinakachi for conspiracy to commit multiple computer intrusion offenses, including obtaining authorized access to protected computers to obtain information and causing unauthorized damage to protected computers. The DOJ said that between June 2019 and March 2023, Odinakachi provided customers with online support for Warzone RAT.

The takedown encompassed an international law enforcement operation led by FBI special agents in Boston and Atlanta and coordinated through Europol. Law enforcement agencies in Canada, Croatia, Finland, Germany, the Netherlands and Romania helped secure the servers hosting the Warzone RAT infrastructure.

“Today’s actions targeting the Warzone RAT infrastructure and personnel are another example of our tenacious and unwavering commitment to dismantling the malware tools used by cybercriminals,” said Joshua S. Levy, the acting U.S. attorney for the District of Massachusetts.