njRAT, also known as Bladabindi, is a remote access tool (RAT) with a user interface, or trojan, which allows the holder of the program to control the end-user's computer. It was first found in June 2013, with some variants traced to November 2012. It was made by a hacking organization from different countries called M38dHhM and was often used against targets in the Middle East. It can be spread through phishing and infected drives.
To date, there are many versions of this virus, the most famous of which is njRAT Green Edition.
About the program and its whereabouts
A surge of njRAT attacks was reported in India in July 2014. In an attempt to disable njRAT's capabilities, Microsoft took down four million websites in 2014 while attempting to filter traffic through no-ip.com domains.
In March 2016, Softpedia reported that spam campaigns spreading remote access trojans such as njRAT were targeting Discord. In October 2020, Softpedia also reported the appearance of a cracked VMware download that would download njRAT via Pastebin. Terminating the process would crash the computer.
An Islamic State website was hacked in March 2017 to display a fake Adobe Flash Player update download, which instead downloaded the njRAT trojan.
In January 2023, outbreaks of Trojan infections were seen in the Middle East. The attackers used .cab files that supposedly contained political conversations; when opened, they launched a .vbs script that downloaded malware from the cloud.
Architecture
njRAT, like many remote access trojans, works on the principle of a reverse backdoor; that is, it requires open ports on the attacker's computer rather than on the victim's. After the malware (client) is created and opened, the attacker's server receives a connection request from the client side. After a successful connection, the attacker can control the victim's computer by issuing commands through the server, which the client part then processes.
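Because the client initiates the connection, a reverse backdoor shows up in monitoring as repeated outbound sessions from an internal host rather than as inbound traffic. The following detection sketch is an added example, not part of the original article: the log format, sample records, process names, the `dyn.example` suffix and the thresholds are all constructed assumptions; only `no-ip.com` comes from the page.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample flow log (not real telemetry).
# Columns: epoch_seconds,src_ip,direction,dst_host,dst_port,process
SAMPLE_LOG = """\
1700000000,10.0.0.5,outbound,www.example.org,443,chrome.exe
1700000010,10.0.0.7,outbound,host42.dyn.example,50001,viewer.exe
1700000070,10.0.0.7,outbound,host42.dyn.example,50001,viewer.exe
1700000130,10.0.0.7,outbound,host42.dyn.example,50001,viewer.exe
1700000140,10.0.0.9,outbound,cam.dyn.example,443,chrome.exe
1700000150,203.0.113.8,inbound,10.0.0.7,3389,-
1700000190,10.0.0.7,outbound,host42.dyn.example,50001,viewer.exe
1700000200,10.0.0.8,outbound,mynotdyn.example,443,updater.exe
1700000210,10.0.0.6,outbound,nas.dyn.example,443,sync.exe
"""

# Assumption: dynamic-DNS suffixes to watch. "no-ip.com" is named in the
# article; "dyn.example" is a reserved placeholder used by the sample data.
WATCH_SUFFIXES = ("no-ip.com", "dyn.example")
# Assumption: processes expected to reach arbitrary hosts in this environment.
EXPECTED_CLIENTS = {"chrome.exe", "firefox.exe", "msedge.exe"}

def on_watchlist(host, suffixes=WATCH_SUFFIXES):
    """Match on a label boundary so 'mynotdyn.example' does not match."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def find_reverse_connections(log_text, min_connections=3):
    """Flag internal hosts that keep dialing out to a watched hostname."""
    seen = defaultdict(list)
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 6:
            continue  # skip blank or malformed records
        ts, src, direction, host, port, proc = row
        if direction != "outbound" or not on_watchlist(host):
            continue  # inbound-only rules never see a reverse connection
        if proc.lower() in EXPECTED_CLIENTS:
            continue
        seen[(src, host, int(port), proc)].append(int(ts))
    return [
        {"src": src, "dst": f"{host}:{port}", "process": proc,
         "count": len(times), "span_s": max(times) - min(times)}
        for (src, host, port, proc), times in sorted(seen.items())
        if len(times) >= min_connections
    ]

if __name__ == "__main__":
    for finding in find_reverse_connections(SAMPLE_LOG):
        print(finding)
```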
Detections
Common antivirus tags for NjRAT are as follows:
*W32.Backdoor.Bladabindi
*Backdoor.MSIL.Bladabindi
*Backdoor/Win.NjRat.R512373
The standard version of the Trojan lacks encryption algorithms, which is why it can be easily detected by antivirus. However, an attacker can encrypt it manually, so that it will not be detected by popular antivirus software.