Authorities Arrest Individual Alleged to be Selling Widely Used RAT Malware

Two Men Arrested for Selling Malware on Hacking Forums Since 2012

Federal authorities have made arrests in Malta and Nigeria in connection with a dark web business that has been selling Remote Access Trojan (RAT) malware to cybercriminals for over a decade. The business, known as Skynet-Corporation, has been operating since at least 2012 and has led to the “takeover and infection of computers worldwide,” according to the U.S. Justice Department.

One of the men arrested is Daniel Meli, 27, from Zabbar, Malta. He is facing charges from a federal grand jury indictment in the U.S. District Court for the Northern District of Georgia, including causing unauthorized damage to protected computers, illegally selling and advertising an electronic interception device, and participating in a conspiracy to commit several computer intrusion offenses. Authorities allege that Meli marketed, sold and maintained two widely used strains of malware – Warzone RAT and an earlier version known as the Pegasus RAT – in online computer-hacking forums and provided online customer support to purchasers of both RATs. The DOJ also stated that he offered teaching tools for sale, including an eBook.

Moreover, authorities in Boston seized several internet domains related to the sale of the Warzone remote access Trojan, including www.warzone.ws. This malware gives cybercriminals the ability to browse victim file systems, take screenshots, record keystrokes, steal victim usernames and passwords, and watch victims through their web cameras. FBI agents in Massachusetts covertly bought and analyzed the Warzone RAT malware, confirming its malicious capabilities.

In addition to Meli’s arrest, Prince Onyeoziri Odinakachi, 31, from Nigeria, was also arrested for his involvement in the conspiracy to commit multiple computer intrusion offenses. Odinakachi provided customers with online support for Warzone RAT between June 2019 and March 2023.

The takedown of this dark web business was part of an international law enforcement operation led by FBI special agents in Boston and Atlanta and coordinated through Europol. Law enforcement agencies in Canada, Croatia, Finland, Germany, the Netherlands and Romania also assisted in securing the servers hosting the Warzone RAT infrastructure.

The acting U.S. attorney for the District of Massachusetts, Joshua S. Levy, commented, “Today’s actions targeting the Warzone RAT infrastructure and personnel are another example of our tenacious and unwavering commitment to dismantling the malware tools used by cybercriminals.”

The arrests and the takedown of the associated infrastructure mark a significant victory for law enforcement agencies in the ongoing battle against cybercrime and the proliferation of malware. They also serve as a reminder of the importance of international cooperation in combating cyber threats that transcend national borders. The action has disrupted a long-standing cybercriminal operation and will likely have a positive impact on cybersecurity worldwide.
