njRAT

From HandWiki
Short description: Remote access tool

njRAT, also known as Bladabindi,[1] is a remote access tool (RAT) or trojan which allows the holder of the program to control the end-user's computer. It was first found in June 2013, with some variants traced to November 2012. It was made by a hacking organization called M38dHhM, whose members are from different countries, and was often used against targets in the Middle East. It can be spread through phishing and infected drives.[2]

About the program and its whereabouts

A surge of njRAT attacks was reported in India in July 2014.[3] In an attempt to disable njRAT's capabilities, Microsoft took down four million websites in 2014 while attempting to filter traffic through no-ip.com domains.[4]

In March 2016, Softpedia reported that spam campaigns spreading remote access trojans such as njRAT were targeting Discord.[5] In October 2020, Softpedia also reported the appearance of a cracked VMware download that would download njRAT via Pastebin. Terminating the process would crash the computer.[6]

An Islamic State website was hacked in March 2017 to display a fake Adobe Flash Player update download, which instead downloaded the njRAT trojan.[7]

Features

  • Manipulate files
  • Open a remote shell, allowing the attacker to use the command line
  • Open a process manager to kill processes
  • Manipulate the system registry
  • Record the computer's camera and microphone
  • Log keystrokes
  • Steal passwords stored in web browsers or in other applications

References