Authorities Arrest Individual Alleged to be Selling Widely Used RAT Malware

Two Men Arrested for Selling Malware on Hacking Forums Since 2012

Federal authorities have made arrests in Malta and Nigeria in connection with a dark web business that has been selling Remote Access Trojan (RAT) malware to cybercriminals for over a decade. The business, known as Skynet-Corporation, has been operating since at least 2012 and has led to the “takeover and infection of computers worldwide,” according to the U.S. Justice Department.

One of the men arrested is Daniel Meli, 27, from Zabbar, Malta. He is facing charges from a federal grand jury indictment in the U.S. District Court for the Northern District of Georgia, including causing unauthorized damage to protected computers, illegally selling and advertising an electronic interception device, and participating in a conspiracy to commit several computer intrusion offenses. Authorities allege that Meli marketed, sold and maintained two widely used strains of malware – Warzone RAT and an earlier version known as the Pegasus RAT – in online computer-hacking forums and provided online customer support to purchasers of both RATs. The DOJ also stated that he offered teaching tools for sale, including an eBook.

Moreover, authorities in Boston seized several internet domains related to the sale of the Warzone remote access Trojan, including www.warzone.ws. This malware gives cybercriminals the ability to browse victim file systems, take screenshots, record keystrokes, steal victim usernames and passwords, and watch victims through their web cameras. FBI agents in Massachusetts covertly bought and analyzed the Warzone RAT malware, confirming its malicious capabilities.

In addition to Meli’s arrest, Prince Onyeoziri Odinakachi, 31, from Nigeria, was also arrested for his involvement in the conspiracy to commit multiple computer intrusion offenses. Odinakachi provided customers with online support for Warzone RAT between June 2019 and March 2023.

The takedown of this dark web business was part of an international law enforcement operation led by FBI special agents in Boston and Atlanta and coordinated through Europol. Law enforcement agencies in Canada, Croatia, Finland, Germany, the Netherlands and Romania also assisted in securing the servers hosting the Warzone RAT infrastructure.

The acting U.S. attorney for the District of Massachusetts, Joshua S. Levy, commented, “Today’s actions targeting the Warzone RAT infrastructure and personnel are another example of our tenacious and unwavering commitment to dismantling the malware tools used by cybercriminals.”

The arrests and the takedown of the associated infrastructure mark a significant victory for law enforcement agencies in the ongoing battle against cybercrime and the proliferation of malware. They also serve as a reminder of the importance of international cooperation in combating cyber threats that transcend national borders. The action has disrupted a long-standing cybercriminal operation and will likely have a positive impact on cybersecurity worldwide.
