Symantec Says that around 487 Gangs of Cybercriminal Use Infamous njRAT Malware
Symantec, a Security firm, has discovered 487 groups actively using njRAT malware, a remote access tool or RAT, and claimed that the malicious users have infected more than 20,000 machines worldwide.
Three versions of njRAT have been unleashed till now. While it was released in public in June 2013 but experts have spotted a version dated November 2012 which means that the threat was employed in closed circles preceding to its launch publicly.
Symantec says that njRAT has the capability to download and execute extra malware, shell commands, reading and writing of registry keys and capturing of screenshots. Additionally, it can record keystrokes and spy on web-cameras and it spreads using tainted USB keys and networked drives.
Humanipo.com reported on 3rd April, 2014 quoting Symantec as "The malware can be used to control networks of computers also called 'botnets'. Most cybercriminals using njRAT seem to be engaged in ordinary cybercriminal activity but there are also facts which confirm that many gangs have employed this malware to aim governments in the region."
Securityweek.com published news on 31st March, 2014 quoting Security Response Team of Symantec as "The key reason for popularity of njRAT in Middle Eastern and North African regions is the vast online community giving support through directions and tutorials for the development of the malware. The author of the malware appears to be from the area as njRAT seems to have been penned by a Kuwaiti individual who has Twitter handle@njq8. The account has been employed to provide updates when new editions of the malware are accessible to download."
The company observes that 721 samples of njRAT have been evaluated and discovered huge infectivity caused by it such as 542 control-and-command (C&C) server domain names and 24,000 infected computers worldwide.
Most of them (80%) are found to be in countries like Saudi Arabia, Iraq, Tunisia, Egypt, Algeria, Morocco, Palestine and Libya.
Allafrica.com published a report on 2nd April, 2014 stating a conclusion by Symantec as "As big numbers of attackers of Middle East carry on to use njRAT owing to its accessibility, Symantec anticipates to find newer ways of obfuscating the malware to avoid detection of antivirus software."
» SPAMfighter News - 09-04-2014