FBI Busts Warzone RAT Operation, Arrests Malware Vendor

In a significant blow to cybercrime, the FBI has dismantled the Warzone RAT malware operation, culminating in the seizure of critical infrastructure and the apprehension of two individuals linked to the illicit enterprise.

Daniel Meli, a 27-year-old resident of Malta, was apprehended last week for his involvement in proliferating Warzone RAT, also known as ‘AveMaria,’ a notorious remote access trojan with a lengthy history of exploitation in cybercrime circles.

Warzone RAT, a commodity malware devised in 2018, boasts a plethora of features tailored to facilitate cybercriminal activities, ranging from UAC bypass and covert remote desktop access to data theft mechanisms like cookie and password extraction, keylogging, webcam surveillance, file manipulation, and process management.

Meli’s arrest, executed on February 7, 2024, was the culmination of a meticulously coordinated effort involving the Malta Police Force and the Office of the Attorney General of Malta, with support from the U.S. Department of Justice (DoJ) and the FBI.

Simultaneously, federal authorities in Boston seized four domains associated with the Warzone RAT infrastructure, including the primary website, “warzone.ws.”

Another indictment, issued by a federal grand jury in the District of Massachusetts, targets Prince Onyeoziri Odinakachi, a 31-year-old Nigerian accused of providing customer support to cybercriminals purchasing access to Warzone RAT. Odinakachi was apprehended in Nigeria on the same day as Meli’s arrest and the takedown of the domains used to sell the malware.

In addition to the arrests and domain seizures, the international law enforcement operation spearheaded by the FBI successfully identified and confiscated server infrastructure linked to the malware across multiple countries, including Canada, Croatia, Finland, Germany, the Netherlands, and Romania.

While Meli’s exact role in the creation of Warzone RAT remains ambiguous, the U.S. DoJ announcement implicates him primarily in the distribution and customer support for the malware. Meli’s criminal activities reportedly date back to at least 2012, when, at the age of 15, he engaged in selling hacking ebooks and the Pegasus RAT on behalf of a criminal entity known as ‘Skynet-Corporation.’

Facing charges that could potentially lead to 15 years of imprisonment, followed by three years of supervised release and substantial fines, Meli is sought for extradition from Malta to the United States, where he will stand trial in the Northern District of Georgia.

The FBI’s successful crackdown on the Warzone RAT operation underscores the agency’s commitment to combating cyber threats and holding perpetrators accountable for their criminal activities.

Protect your devices from malware by installing reputable antivirus software and keeping it updated. Be cautious of unsolicited emails or messages containing suspicious links or attachments, and avoid downloading files from untrustworthy sources. Users should also regularly back up data to an external hard drive or cloud storage to mitigate the impact of potential malware attacks.