TOP Malware Series: NjRAT Trojan
What is NjRAT?
NjRAT (also called Bladabindi and Njw0rm) is a Trojan-type malware that lets an attacker remotely control infected machines. Its easy availability, the plethora of tutorials on platforms like YouTube, and a strong set of core features combined with various evasion techniques have made NjRAT one of the most widely used and efficient RATs in the world.
This malware was first detected in 2013; however, researchers observed links to malware code detected in 2012. The largest increase in attacks by this Trojan was recorded in 2014 in the Middle East, which was the region most attacked by this malware in those years. Different states also used it for cyber espionage against rebels.
Characteristics of NjRAT
- Remote Desktop and Active Window.
- Obtain configuration information from the victim machine.
- Remote execution of files.
- File manipulation.
- Run shell remotely.
- Run process manager.
- Modify the Windows registry.
- Activate the camera and microphone of the machine.
- Key logging (keylogger).
- Theft of passwords stored in browsers or other applications.
Distribution of NjRAT
NjRAT uses multiple attack vectors to reach as many machines as possible. One of the current forms of distribution is through the Discord platform.
Another method of spreading is to compromise websites and display false alerts that prompt users to download product updates.
Massive email phishing campaigns are another of its usual distribution methods.
Infection Flow
NjRAT Geographic Targets
Due to its popularity, NjRAT has been present in almost every country in the world, especially in Middle Eastern countries, Europe, Asia and America.
Features
njRAT can:
- Remote into the victim’s desktop or the active window
- See the victim’s IP, full computer name, full username, OS, install date, and country
- Remotely execute a file from disk or URL
- Manipulate files
- Open a remote shell, allowing the attacker to use the command line
- Open a process manager to kill processes
- Manipulate the system registry
- Record the computer’s camera and microphone
- Log keystrokes
- Steal passwords stored in browsers or in other applications
- File manager
- Process manager
- Remote shell
- Registry editor
- Services
- Connection
- Run file
- Remote desktop
- Keylogger
- Form grabber
- Remote cam
- Remote DDoS
- Microphone
- etc.
njRAT New Changes
It has the following new updates:
- It comes with a DDoS attack feature
- It has an added built-in crypter
- It comes with a new interface
- It is smaller in size
- It is faster in speed