U.S. DoJ Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/u-s-doj/

Warzone RAT Dismantled, Members Arrested
https://gridinsoft.com/blogs/warzone-rat-dismantled/
Mon, 12 Feb 2024 21:39:18 +0000

The post Warzone RAT Dismantled, Members Arrested appeared first on Gridinsoft Blog.

In an international law enforcement operation, the U.S. Department of Justice continues its fight against cybercriminals. The operation dismantled a network that sold and supported the Warzone Remote Access Trojan (RAT). This malware allowed cybercriminals to stealthily infiltrate victims’ computers, resulting in data theft and other malicious activities.

Warzone RAT Masters Arrested and Charged

The U.S. Department of Justice operation resulted in the indictment of two key figures: Daniel Meli, 27, of Zabbar, Malta, and Prince Onyeosiri Odinakachi, 31, of Nigeria. Meli was detained in Malta, facing charges of unauthorized computer damage and selling electronic interception devices. Odinakachi, arrested in Nigeria, is charged with conspiracy to commit computer intrusion offenses.

Announcement of the seizure of the website www.warzone[.]ws.

These arrests are the result of international cooperation in combating this threat. The success of the operation was largely due to the collaborative efforts of various international law enforcement agencies, including the FBI, Europol, the Economic and Financial Crimes Commission of Nigeria, and others. This coordinated approach has helped in the fight against cybercrime, which is increasingly borderless.

Implications and Sentencing

The charges against Meli and Odinakachi carry penalties of up to five years in prison, three years of parole, and a $250,000 fine. These lawsuits send a strong message to cybercriminals and those who facilitate their activities. Certainly, the international community is taking strong action to protect cyber integrity and hold criminals accountable.

James R. Drabick and Carol E. Head, who are Assistant U.S. Attorneys for the District of Massachusetts, obtained seizure warrants for Odinakachi. Drabick is also prosecuting the case against Odinakachi. Meanwhile, Bethany L. Rupert and Michael Herskowitz, who are Assistant U.S. Attorneys for the Northern District of Georgia, are prosecuting Meli.

What is Warzone RAT?

Warzone RAT is a malicious remote access tool that allows unauthorized users to secretly access and control victims’ computers. The malware has facilitated a range of illegal activities, from data theft to webcam surveillance, without the knowledge or consent of victims. In early 2024, Warzone malware was marketed at $37.95 per month, and was primarily sold to individuals through the clear web page.

Warzone RAT on Hack Forum

The overall action around Warzone is most likely part of an anti-spyware policy wave that rose in early February 2024. A number of governments across the globe, together with major security vendors, started a campaign against “legal spyware”. That includes both government-backed vendors of such malware and handymen who market malicious programs under the guise of legitimate surveillance tools. Such people will be detained or at least banned from entering the countries that participate in the campaign. The Warzone RAT story may not be a major part of this action, but it is still a part of it.

NCA and DoJ Introduce New Sanctions Against Conti/Trickbot Hackers
https://gridinsoft.com/blogs/conti-trickbot-hackers-sanctions/
Thu, 07 Sep 2023 20:02:57 +0000

On September 7, 2023, the NCA released a statement regarding a new complex package of sanctions against members of the Russian Conti cybercrime group. Accused of participating in extortions worth $800 million, gang members have now lost any property and equity under US and UK jurisdiction.

US and UK Authorities Uncover 11 More Russian Hackers Related to Conti And TrickBot

Notices regarding the joint operation between American and British authorities appeared on several sites simultaneously. As in the previous case of sanctions against Russian hackers, the US Treasury and the UK National Crime Agency released statements about it. They managed to uncover the identities of 11 individuals related to the Trickbot/Conti cybercriminal gang.

Collection of mugshots of sanctioned hackers, published by the NCA

Authorities have found and proven the relation of the accused individuals to attacks on UK and US government and educational organisations, hospitals and companies. This in total led to a net loss of £27 million in the UK only, and over $800 million around the world. Despite the formal Conti group dissolution in June 2022, members remained active under the rule of other cybercriminal groups.

These sanctions are a continuation of our campaign against international cyber criminals.
Attacks by this ransomware group have caused significant damage to our businesses and ruined livelihoods, with victims having to deal with the prolonged impact of financial and data losses.
These criminals thought they were untouchable, but our message is clear: we know who you are and, working with our partners, we will not stop in our efforts to bring you to justice.
NCA Director General of Operations Rob Jones

Authorities Published Hackers’ Personal Data

What better revenge on someone fond of compromising identities than compromising their own identity? The authorities involved in the investigation and judgement probably think the same, as they have published detailed information about each of the 11 sanctioned hackers.

| Name | Online Nicknames | Position |
|---|---|---|
| Dmitry Putilin | Grad, Staff | Participated in Trickbot infrastructure purchases |
| Artem Kurov | Naned | One of the Trickbot developers |
| Maksim Galochkin | Bentley, Max17, Volhvb | Lead of the testers team, also responsible for actual development and supervision |
| Mikhail Tsarev | Frances, Mango, Khano | Mid-tier manager, responsible for money flows; also touched HR functions |
| Alexander Mozhaev | Green, Rocco | Part of the group administration |
| Maksim Rudenskiy | Buza, Binman, Silver | Lead of Trickbot’s developers team |
| Andrey Zhuykov | Adam, Defender, Dif | One of the major administrators in the cybercrime gang |
| Sergey Loguntsov | Begemot_Sun, Begemot, Zulas | Member of the development team |
| Mikhail Chernov | m2686, Bullet | Part of the group’s internal utilities |
| Vadym Valiakhmetov | Weldon, Mentos, Vasm | Part of the development team, responsible for backdoors and loaders |
| Maksim Khaliullin | Kagas | Chief HR manager of the group. Responsible for purchasing VPSs for TrickBot infrastructure. |

What is the Conti/TrickBot group?

As cybercrime gangs are commonly named after their “mainstream” malware, the Conti gang was mostly known for its eponymous ransomware. But obviously, that was not the only payload they used in their attacks. Throughout its lifetime, Conti worked with, or even directly used, several stealer families. Among them are the infamous QakBot, whose botnet was hacked and dismantled at the edge of summer 2023, and TrickBot. Both were mostly known as stand-alone names, although they were actively used in collaboration with different ransomware gangs, including Conti.

Conti infection chain

QakBot is an old-timer of the malware scene. Having emerged in 2007 as Pinkslipbot, it quickly became successful as infostealer malware. With time, it was updated with new capabilities, particularly ones that make it possible to use it as an initial access tool and malware delivery utility. This predetermined the fate of this malware: it is now better known as a loader than as a stealer or spyware. It may be appropriate to speak of QBot in the past tense, though, as its fate after the recent botnet shutdown is unclear.

Trickbot’s story is not much different. The only difference is when it appeared: it was first noticed in 2016. The rest of the story repeats: once an infostealer, then a modular malware that can serve as an initial access tool and loader. Some of the cybercriminals who stand behind Trickbot were already sanctioned; in fact, they are the first sanctioned hackers ever.

Are sanctions seriously threatening hackers?

Actually, not much. Sanctions are not detention, thus the only thing they lose is property in the US and the UK. Though, I highly doubt that any of those 11 guys had any valuable property kept in the countries they were involved in attacks on. All this action is mostly a message to other hackers: “you are not as anonymous as you think you are, and not beyond punishment.” The very next step may be their arrest upon their arrival in the US/UK, or in countries that assist them in questions of cybercrime investigation. But once again, I doubt they’re reckless enough to show up in a country where each police station has their mugshot pinned to the wanted board.

Meta to Give up its Discriminating Ad-Targeting System
https://gridinsoft.com/blogs/meta-lawsuit-discrimination/
Wed, 22 Jun 2022 15:53:03 +0000

Meta Cooperates Facing Charges of Digital Discrimination

A historic legal event took place when, after accusations of unlawful discrimination built into the design of the targeted advertising system employed by Meta, the company agreed to cease using the tool and pay a penalty of around $115,000.

The source of the news is the June 21 official statement of the U.S. Department of Justice.

The Department of Housing and Urban Development (HUD) has investigated discrimination in Meta ad-serving software. The official charge of discrimination issued by HUD on March 28, 2019 was a nudge to start the disputed lawsuit. The fact is that in order to select the audience for advertisements for the sale and rental of housing, the Meta ad distribution system employs the criteria mentioned in the Civil Rights Act of 1968, namely its eighth and ninth parts, also known as the Fair Housing Act. This law states that the sale or rental of housing must not involve discrimination on the part of the property owner, and this applies to both the transactions themselves and the advertising that precedes them. Advertising must not discriminate against the audience based on race, sex, gender, religion, sexual orientation, etc. The prosecution argues that this is exactly what happens when the ad targeting system, based on the data mentioned, does not allow part of the audience to see some ads at all. At the same time, people are not even aware of such filtering.

Significantly, this is the first time the law has been applied to digital advertising and digital targeting mechanisms. The U.S. Department of Justice noted that Meta agreed to develop a new tool under the supervision of the DoJ. The new product must exclude discrimination and be built on other filtering criteria. The U.S. Attorney for the Southern District of New York, Damian Williams, said that if Meta continues to use discriminatory technologies, the civil rights lawsuit will not be dismissed and litigation will continue.

For the time being, Meta has a settlement of the lawsuit and seven months (until December 31) to come up with the revised ad-targeting tool. Otherwise, the corporation would have to stand before a federal court.

Team Xecuter’s life. How hackers live after the arrest?
https://gridinsoft.com/blogs/cybercriminals-life-under-arrest/
Fri, 17 Jun 2022 17:31:37 +0000

Gary Bowser, the Nintendo hacker, appears to be a very happy cybercriminal. Despite a prison term and another arrest, the 50-year-old Frenchman is enjoying life. So is his “colleague”, Max Louarn, the chief of the Team Xecuter gang.

The Nintendo Hacker keeps going

As reported by SecurityLab in February of this year, Gary Bowser was sentenced to three years in prison for participating in the Team Xecuter hacker group, which sold hacked Nintendo consoles that can play pirated games. However, Bowser’s partner, group leader Max Louarn, is still at large. Despite legal troubles and even an arrest in Tanzania, the 50-year-old Frenchman is enjoying life with his girlfriend, a former model from Russia, in the picturesque town of Avignon in southern France.

Louarn became interested in hacking in the 1980s. At first, he hacked into his Commodore 64 home computer for fun, but a harmless hobby eventually grew into a good source of income. “I wasn’t going to be an engineer with a salary of 5,000 euros a month when I realized at the age of 18 that hacking is not only fun but also brings a lot of money. Steal from companies that earn billions, why not?” the hacker admitted to Le Monde in a recent interview.

MAXiMiLiEN (Louarn’s hacker alias from the 1990s) sold hacked games, key generators and software until 1993, when he was arrested on piracy charges… by Nintendo! The hacker flew to Spain, but law enforcement lured him to the US by sending a fake invitation to a birthday party on behalf of his friend. As soon as Louarn got off the plane, he was arrested.

The court found the Frenchman guilty and made him serve five years in an American prison. In 2005, Sony sued the hacker, accusing him of piracy and demanding $5 million in damages. As Louarn says, Nintendo considers him a sworn enemy.

“They hate me. I bet they have a photo of me nailed in their office in Tokyo,” the hacker laughs.

Bowser is not going to deny his ideas

However, he considers himself not a villain, but rather a rebel. “We have always stood for freedom. This is our way of thinking: to do whatever we want with the machines, and that everyone has access to them,” Louarn said.

It is noteworthy that the hacker himself denies his connection with Team Xecuter, although, as part of an agreement on cooperation with the investigation, Gary Bowser called him his accomplice. Now the Frenchman is hunted not only by Nintendo, but also by the US Department of Justice. As mentioned, Louarn was arrested in Tanzania in 2020 but was released after a court found his arrest illegal. On a private jet, the hacker managed to escape from the FBI and fly to France.

Although Louarn lives a comparatively free life at home, his overseas bank accounts and cryptocurrency wallets are frozen, and the legal vise is tightening. Be that as it may, the hacker does not intend to give up. According to him, US laws protect the interests of large corporations and are “ready to destroy competitors by covering simple commercial disputes with criminal law.” “Now it would be more difficult to serve the sentence, because I have to take care of my father. I have a 16-year-old daughter and will soon have a second child,” notes Louarn.

Ideological hackers are pretty rare nowadays. The crooks you are likely to see these days come into this profession chasing money, with no clue about ideas like the ones that guided Mr. Bowser. Sure, you can still observe gangs like LockBit that keep a list of companies they will never attack and practice the methods of so-called “ethical hacking”. Still, there are many more groups that attack anyone and apply even the slyest ways of money extortion.
