cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

US authorities seize Warzone malware infrastructure

The US Department of Justice has announced it has shut down several for-sale websites, leading to the arrests of two individuals over malware sales and support - with AFP assistance.

user icon David Hollingworth
Mon, 12 Feb 2024
US authorities make arrests, dismantle Warzone malware infrastructure
expand image

The US Department of Justice has successfully seized a number of websites linked to the sale of the Warzone remote access Trojan (RAT).

In addition, two men have been arrested in separate operations.

The website www.warzone[.]ws was seized, alongside three other related domains. Warzone itself is a RAT capable of stealing and exfiltrating data, tracking keystrokes, and taking screenshots of infected machines.


Apart from selling the malware, the seized sites also offered support and guides on using it.

The seizure of the sites was part of an international law enforcement operation that also saw the arrest of one man, Daniel Meli, 27, of Zabbar, Malta, who was arrested by Maltese police on 7 February in an operation supported by the FBI and Justice Department, and carried out by the Malta Police Force and the Office of the Attorney General of Malta. Meli is charged with four offences related to the sale and operation of the RAT.

According to the DOJ, Meli has been selling and supporting Warzone since at least 2012. The US is seeking his extradition.

A Nigerian man was also indicted over the sale and support of the malware but has yet to be arrested.

Prince Onyeoziri Odinakachi, 31, of Nigeria, was arrested on 7 February by officers from the Port Harcourt Zonal Command of Nigeria’s Economic and Financial Crimes Commission. Odinakachi is facing a number of charges relating to the sale and use of Warzone, having provided support for the malware between June 2019 and no earlier than March 2023.

The international operation was led by FBI agents in Atlanta and Boston in the US, with assistance from Europol. FBI agents were able to secretly purchase the malware, allowing them to analyse its functionality.

Authorities in Canada, Croatia, Finland, Germany, the Netherlands, and Romania also provided assistance in securing the Warzone servers, while the Australian Federal Police provided intelligence that assisted in the locating and arrest of Meli.

“Today’s actions targeting the Warzone RAT infrastructure and personnel are another example of our tenacious and unwavering commitment to dismantling the malware tools used by cyber criminals,” said acting US Attorney Joshua S. Levy for the District of Massachusetts in a statement.

“We will turn over every stone to prevent cyber criminals from attacking the integrity of our computer networks, and we will root out those who support such cyber criminals so they will be held accountable. Those who sell malware and support cyber criminals using it should know that they cannot hide behind their keyboards or international borders.”

AFP Commander Chris Goldsmid said the malware itself was cheap but remarkably powerful - it cost $25 in its cheapest version.

“For a small cost, individuals with nefarious intentions could purchase software that would allow them to gain access to a victim’s computer and personal information,” Commander Goldsmid said.

“Cybercrime is increasing in scale and frequency and it is important the public takes proactive steps to keep their personal information safe.”

UPDATED 13/02/24 to add AFP commentary

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.