This long-running trojan was first spotted in 2013 and has remained one of the most prevalent malware families, using multiple .NET obfuscation tools that make detection difficult for antivirus solutions and hinder analysis by security researchers.
The malware also uses dynamic DNS for command-and-control (C2) servers and communicates using a custom TCP protocol over a configurable port.
The new RAT variant added ransomware and Bitcoin wallet-stealing features, which appear to contradict each other in practice.
“This is an interesting development, especially the ransomware feature, given that RATs by nature operate in stealth,” Desai said. “Ransomware on the other hand will reveal the infection.”
In addition, the njRAT variant is capable of performing ARME and Slowloris DDoS attacks.
The malware also has worm functionality to spread through USB.
https://www.scmagazine.com/the-trojan-was-first-spotted-in-2013-and-has-remained-one-of-the-most-prevalent-malware-families-using-multiple-net-obfuscation-tools/article/755647/