njRAT

From Wikipedia, the free encyclopedia

njRAT, also known as Bladabindi,[1] is a remote access tool (RAT) or trojan which allows the holder of the program to control the end-user's computer. It was first found in June 2013 with some variants traced to November 2012. It was made by a hacking organization from different countries called Sparclyheason and was often used against targets in the Middle East. It can be spread through phishing and infected drives.[2]


About the program and its whereabouts

A surge of njRAT attacks was reported in India in July 2014.[3] In an attempt to disable njRAT's capabilities, Microsoft took down four million websites in 2014 while attempting to filter traffic through no-ip.com domains.[4]

In March 2016, Softpedia reported that spam campaigns spreading remote access trojans such as njRAT were targeting Discord.[5] In October 2016, Softpedia also reported the appearance of a cracked VMware download that would download njRAT via Pastebin. Terminating the process would crash the computer.[6]

An Islamic State website was hacked in March 2017 to display a fake Adobe Flash Player update download, which instead downloaded the njRAT trojan.[7]

Features

njRAT can:

  • Remote into the victim's desktop or active window
  • See the victim's IP address, computer name, username, operating system, install date, and country
  • Remotely execute a file from disk or URL
  • Manipulate files
  • Open a remote shell, allowing the attacker to use the command line
  • Open a process manager to kill processes
  • Manipulate the system registry
  • Record the computer's camera and microphone
  • Log keystrokes
  • Steal passwords stored in web browsers or in other applications

References

  1. ^ "MSIL/Bladabindi". www.microsoft.com. Microsoft. Retrieved 5 June 2017.
  2. ^ https://www.blackhatrussia.com/1314-rat-v07d-edition-by-hidden-person.html
  3. ^ "Hacking virus 'Bladabindi' targets Windows users in India, steals personal info: Cert-In - Tech2". Tech2. 27 July 2014. Retrieved 5 June 2017.
  4. ^ Krebs, Brian. "Microsoft Darkens 4MM Sites in Malware Fight — Krebs on Security". krebsonsecurity.com. Retrieved 5 June 2017.
  5. ^ Cimpanu, Catalin. "VoIP Gaming Servers Abused to Spread Remote Access Trojans (RATs)". Softpedia. Retrieved 5 June 2017.
  6. ^ Cimpanu, Catalin. "RAT Hosted on PasteBin Leads to BSOD". Softpedia. Retrieved 5 June 2017.
  7. ^ Cox, Joseph. "Hackers Hit Islamic State Site, Use It to Spread Malware". Motherboard. Retrieved 5 June 2017.
