Wikipedia

njRAT

njRAT, also known as Bladabindi,[1] is a remote access tool (RAT), or trojan, with a user interface that allows the holder of the program to control the end-user's computer. It was first found in June 2013, with some variants traced to November 2012. It was made by a hacking organization from different countries called M38dHhM and was often used against targets in the Middle East. It can be spread through phishing and infected drives. To date, there are many versions of this virus, the most famous of which is njRAT Green Edition.

About the program and its whereabouts

A surge of njRAT attacks was reported in India in July 2014.[2] In an attempt to disable njRAT's capabilities, Microsoft took down four million websites in 2014 while attempting to filter traffic through no-ip.com domains.[3]

In March 2016, Softpedia reported that spam campaigns spreading remote access trojans such as njRAT were targeting Discord.[4] In October 2020, Softpedia also reported the appearance of a cracked VMware download that would download njRAT via Pastebin. Terminating the process would crash the computer.[5]

An Islamic State website was hacked in March 2017 to display a fake Adobe Flash Player update download, which instead downloaded the njRAT trojan.[6]

In January 2023, outbreaks of Trojan infections were seen in the Middle East. The attackers used .cab files that supposedly contained political conversations; when opened, they launched a .vbs script that downloaded malware from the cloud.[7]

Architecture

NjRAT, like many remote access trojans, works on the principle of a reverse backdoor: the infected machine initiates the connection, so it requires open ports on the attacker's computer. After the malware (client) is created and opened, the attacker's server receives a request from the client side. After a successful connection, the attacker can control the victim's computer by issuing commands at the server, which the client part then processes.

Features

The following list of features is not exhaustive, but is critical to understanding the capabilities of this Trojan.

  • Common
    • Manipulate files
    • Open a remote shell, allowing the attacker to use the command line
    • Open a process manager to kill processes
    • Manipulate the system registry
    • Record the computer's camera and microphone
    • Log keystrokes
    • Remote desktop (management of a search box and keyboard, obtaining a monitor image)
    • Steal passwords stored in web browsers or in other applications
  • Green Edition
    • Change icon when creating a virus
    • Some comic functions of the "fun" section
  • Golden Edition
    • Port check
    • Selecting the connection protocol (TCP or UDP)
    • Prohibition of processes by the method of interval closure
  • Danger Edition
    • Ability to add a password to the server
    • News window
    • Artificially increase the weight of the final virus
    • Possibility to add the function of prohibiting processes to the virus
    • Changeable DNS server persistence feature

Versions

[Image: NjRAT Green Edition]

  • njRAT 0.11G
  • njRAT 0.7d
  • njRAT 0.7d Green Edition
  • njRAT 0.7d Golden Edition
  • njRAT 0.7d Danger Edition
  • njRAT 0.7d Lime Edition
  • njRAT 0.7d Platinum Edition
  • njRAT 0.7d Ultimate Edition
  • njRAT 0.7d Horror Edition
  • njRAT 0.7d Red Edition
  • njRAT 0.7d 808

Detections

Common antivirus tags for NjRAT are as follows:

  • W32.Backdoor.Bladabindi
  • Backdoor.MSIL.Bladabindi
  • Backdoor/Win.NjRat.R512373

The standard version of the Trojan lacks encryption algorithms, which is why it can be easily detected by antivirus. However, an attacker can encrypt it manually, so that it will not be detected by popular antivirus software.
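For triage, the three vendor labels above can be normalized to a single family name. The following Python sketch is an added example, not part of the original article or of any antivirus product; the token lists, the engine names and the scan result are constructed for illustration.

```python
import re

# Family aliases taken from the article: njRAT is also known as Bladabindi.
FAMILY_ALIASES = {"njrat": "njRAT", "bladabindi": "njRAT"}
# Assumed (illustrative) tokens that name a platform or a malware type.
PLATFORMS = {"w32", "win32", "win", "msil"}
TYPES = {"backdoor", "trojan"}

def parse_label(label):
    """Split a vendor label into platform, type, family and variant."""
    parts = {"platform": None, "type": None, "family": None, "variant": None}
    for tok in (t for t in re.split(r"[./:!]", label.strip()) if t):
        low = tok.lower()
        if low in PLATFORMS and parts["platform"] is None:
            parts["platform"] = tok
        elif low in TYPES and parts["type"] is None:
            parts["type"] = tok
        elif low in FAMILY_ALIASES and parts["family"] is None:
            parts["family"] = FAMILY_ALIASES[low]
        elif parts["family"] is not None and parts["variant"] is None:
            parts["variant"] = tok  # first token after the family name
    return parts

def triage(scan):
    """Summarize a multi-engine scan: which engines name the njRAT family."""
    flagged = {eng: parse_label(lbl) for eng, lbl in scan.items() if lbl}
    named = sorted(e for e, p in flagged.items() if p["family"] == "njRAT")
    # A packed or encrypted sample may carry only generic labels (or none),
    # so a missing family name is not evidence that the file is clean.
    return {"family": "njRAT" if named else None,
            "engines": named, "flagged": len(flagged)}

# Constructed scan result: hypothetical engine names, labels from the article.
SAMPLE_SCAN = {
    "EngineA": "W32.Backdoor.Bladabindi",
    "EngineB": "Backdoor.MSIL.Bladabindi",
    "EngineC": "Backdoor/Win.NjRat.R512373",
    "EngineD": None,                    # engine did not flag the file
    "EngineE": "Trojan.Generic.12345",  # generic label, no family
}

if __name__ == "__main__":
    print(triage(SAMPLE_SCAN))
```

Matching whole tokens rather than substrings keeps unrelated labels that merely contain one of the alias strings from being counted.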

References

  1. "MSIL/Bladabindi". www.microsoft.com. Microsoft. Retrieved 5 June 2017.
  2. "Hacking virus 'Bladabindi' targets Windows users in India, steals personal info: Cert-In - Tech2". Tech2. 27 July 2014. Retrieved 5 June 2017.
  3. Krebs, Brian. "Microsoft Darkens 4MM Sites in Malware Fight — Krebs on Security". krebsonsecurity.com. Retrieved 5 June 2017.
  4. Cimpanu, Catalin. "VoIP Gaming Servers Abused to Spread Remote Access Trojans (RATs)". Softpedia. Retrieved 5 June 2017.
  5. Cimpanu, Catalin. "RAT Hosted on PasteBin Leads to BSOD". Softpedia. Retrieved 5 June 2017.
  6. Cox, Joseph. "Hackers Hit Islamic State Site, Use It to Spread Malware". Motherboard. Retrieved 5 June 2017.
  7. "Trojan NjRAT "walks" in the Middle East and North Africa - Security Lab". Security Labs. Retrieved 5 June 2017.
