Cyber Sleuths Bust Warzone RAT Ring: DoJ Nets Malware Merchants in Global Sting

In a digital sting operation, the DoJ snagged the Warzone RAT’s cyber-lair, cuffing two alleged cyber-ne’er-do-wells. Hide your files, folks—the RAT’s out of the race! 🐀💻🚓 #WarzoneRATSeized

Hot Take:

Warzone RAT might sound like a bad video game, but it’s actually a cybercriminal’s Swiss Army knife – and not the kind you want in your digital pocket. The U.S. Justice Department just played whack-a-mole with its online hideouts and scored some big hits. RIP Warzone[.]ws, we won’t miss your dubious ‘customer support’ and definitely not your $38 monthly steal… I mean, deal!

Key Points:

  • U.S. Justice Department seizes domains of Warzone RAT, a malware-as-a-service provider.
  • Two suspects, Daniel Meli and Prince Onyeoziri Odinakachi, face charges for their roles in peddling the malware.
  • Warzone RAT, also known as Ave Maria, has features like keystroke recording and webcam activation without consent.
  • International law enforcement effort involved multiple countries and resulted in arrests on February 7, 2024.
  • Despite sounding like a rejected Call of Duty title, Warzone RAT has been used by cybercrime groups and state-sponsored actors.

CVE ID: CVE-2017-11882
CVE state: PUBLISHED
CVE assigner short name: microsoft
CVE date updated: 01/20/2021
CVE description: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

Need to know more?

The Digital Pest Control Operation

Imagine a pest so annoying that international law enforcement agencies come together for a big, bad bug hunt. That's what happened with Warzone RAT. The FBI played secret shopper, bought the malware, and—surprise—it was as malicious as advertised. With a coordinated sting, they shut down its online marketplaces faster than you can say "cybercrime crackdown."

'Meli' the Malware Merchant

One of the accused, Daniel Meli, hadn't just been selling digital lock picks since 2012; he was practically running a malware masterclass. His e-books and forums were like the Dark Web's version of a self-help section—except for helping you help yourself to others' data.

A Cybercriminal's Dream Tool

For the low, low price of $38 a month, any aspiring hacker could commandeer Warzone RAT to snoop through file systems or creepily activate webcams. It's like the creepy ex of software, lurking in the shadows of your digital life. And just like that ex, it could record all your keystrokes, because apparently, it doesn't know how to let go.

Phishing for Compliments... and Data

Warzone RAT's modus operandi? The classic phishing email, dressed up to look like a Microsoft Excel file. Because nothing screams "open me!" like a spreadsheet. Once the victim took the bait, Warzone RAT would cozy up to its command-and-control server using RC4 encryption, because why use HTTP when you can go full James Bond with your communications?

Global Pest Control Efforts

It wasn't just the U.S. throwing punches at this cybercriminal enterprise. Australia, Canada, and a whole host of other countries joined the fray. It's like the Avengers, but instead of fighting aliens, they're tackling malware. And instead of capes, they have... well, probably just regular law enforcement gear. But you get the picture!
