The Justice Department announced on February 6, 2025, that, as part of an international law enforcement effort, federal authorities in Boston seized internet domains used to sell computer malware used by cybercriminals to access and steal data from victims’ computers secretly.
Federal authorities in Atlanta and Boston also unsealed indictments charging individuals in Malta and Nigeria, respectively, for their alleged involvement in selling the malware and supporting cybercriminals seeking to use it for malicious purposes.
Federal authorities in Boston seized www.warzone.ws and three related domains, which offered for sale the Warzone RAT malware — a sophisticated remote access trojan (RAT) capable of enabling cybercriminals to connect to victims’ computers for malicious purposes surreptitiously.
According to court documents authorising the seizures, the Warzone RAT provided cybercriminals the ability to browse victim file systems, take screenshots, record keystrokes, steal victim usernames and passwords, and watch victims through their web cameras, all without the victims’ knowledge or permission.
Investigations by the FBI Boston and Atlanta Field Offices also led to two indictments against individuals involved in selling and supporting the Warzone RAT and other malware.
Daniel Meli, 27, of Zabbar, Malta, was arrested on Feb. 7 at the request of the United States, following a coordinated operation by the Malta Police Force and the Office of the Attorney General of Malta, with the support of the FBI and the Justice Department.
Meli made his initial appearance before a Magistrate Judge in Valletta, Malta. Meli was indicted by a federal grand jury in the Northern District of Georgia on December 12, 2023, for four offences, including causing unauthorised damage to protected computers, illegally selling and advertising an electronic interception device, and participating in a conspiracy to commit several computer intrusion offences.
According to charging documents, since at least 2012, Meli offered malware products and services for sale to cybercriminals through online computer-hacking forums.
Specifically, Meli allegedly assisted cybercriminals seeking to use RATs for malicious purposes and offered teaching tools for sale, including an eBook. Meli also allegedly sold both the Warzone RAT and, before that, malware known as the Pegasus RAT, which he sold through an online criminal organisation called Skynet-Corporation. He also provided online customer support to purchasers of both RATs.
The Northern District of Georgia seeks Meli’s extradition to the United States.
Separately, Prince Onyeoziri Odinakachi, 31, of Nigeria, was indicted by a federal grand jury in the District of Massachusetts on January 30 for conspiracy to commit multiple computer intrusion offences, including obtaining authorised access to protected computers to obtain information and causing unauthorised damage to protected computers.
According to charging documents, between June 2019 and no earlier than March 2023, Odinakachi provided online customer support to individuals who purchased and used the Warzone RAT malware. Law enforcement officers of the Port Harcourt Zonal Command of Nigeria’s Economic and Financial Crimes Commission arrested Odinakachi on February 7.
The disruption of the Warzone RAT infrastructure resulted from an international law enforcement effort led by FBI special agents in Boston and Atlanta, which coordinated with international partners in large part through Europol.
According to court documents, in addition to discovering instances of the Warzone RAT being used to attack victim computers in Massachusetts, the FBI covertly purchased and analysed the Warzone RAT malware, confirming its multiple malicious functions. Separately, law enforcement partners in Canada, Croatia, Finland, Germany, the Netherlands, and Romania provided valuable assistance securing the servers hosting the Warzone RAT infrastructure.
The charges of conspiracy, obtaining authorized access to protected computers to obtain information, illegally selling an interception device, and illegally advertising an interception device each provide for a sentence of up to five years in prison, three years of supervised release and a fine of $250,000, or twice the gross gain or loss, whichever is greater.
The charge of causing unauthorised damage to protected computers provides for a sentence of up to 10 years in prison, three years of supervised release, and a fine of $250,000, or twice the gross gain or loss, whichever is greater.
