njRAT
njRAT, also known as Bladabindi,[1] is a remote access tool (RAT) or trojan that allows the holder of the program to control the end-user's computer. It was first found in June 2013, with some variants traced to November 2012. It was made by a hacking organization called M38dHhM, whose members come from different countries, and was often used against targets in the Middle East. It can be spread through phishing and infected drives.[2]
About the program and its whereabouts
A surge of njRAT attacks was reported in India in July 2014.[3] In an attempt to disable njRAT's capabilities, Microsoft took down four million websites in 2014 while attempting to filter traffic through no-ip.com domains.[4]
In March 2016, Softpedia reported that spam campaigns spreading remote access trojans such as njRAT were targeting Discord.[5] In October 2020, Softpedia also reported the appearance of a cracked VMware download that would download njRAT via Pastebin. Terminating the process would crash the computer.[6]
An Islamic State website was hacked in March 2017 to display a fake Adobe Flash Player update download, which instead downloaded the njRAT trojan.[7]
Features
- Manipulate files
- Open a remote shell, allowing the attacker to use the command line
- Open a process manager to kill processes
- Manipulate the system registry
- Record the computer's camera and microphone
- Log keystrokes
- Steal passwords stored in web browsers or in other applications
References
- "MSIL/Bladabindi". Microsoft. https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=MSIL/Bladabindi. Retrieved 5 June 2017.
- "RAT v0.7d Edition by HiDDen PerSOn". https://www.blackhatrussia.com/1314-rat-v07d-edition-by-hidden-person.html.
- "Hacking virus 'Bladabindi' targets Windows users in India, steals personal info: Cert-In - Tech2". 27 July 2014. http://tech.firstpost.com/news-analysis/hacking-virus-bladabindi-targets-windows-users-in-india-steals-personal-info-cert-in-227963.html. Retrieved 5 June 2017.
- Krebs, Brian. "Microsoft Darkens 4MM Sites in Malware Fight — Krebs on Security". https://krebsonsecurity.com/2014/07/microsoft-darkens-4mm-sites-in-malware-fight/#more-26708. Retrieved 5 June 2017.
- Cimpanu, Catalin. "VoIP Gaming Servers Abused to Spread Remote Access Trojans (RATs)". http://news.softpedia.com/news/gaming-voip-servers-abused-to-spread-remote-access-trojans-rats-509496.shtml. Retrieved 5 June 2017.
- Cimpanu, Catalin. "RAT Hosted on PasteBin Leads to BSOD". http://news.softpedia.com/news/rat-hosted-on-pastebin-leads-to-bsod-509803.shtml. Retrieved 5 June 2017.
- Cox, Joseph. "Hackers Hit Islamic State Site, Use It to Spread Malware". https://motherboard.vice.com/en_us/article/hackers-islamic-state-malware. Retrieved 5 June 2017.
Original source: https://en.wikipedia.org/wiki/NjRAT.