Malware

NJRat making a comeback, researchers observe

NJRat – a remote access trojan – is making a comeback, according to researchers with PhishMe.

The malware is being delivered via an email purportedly from eDisk, according to a Thursday post by Ronnie Tokazowski, senior researcher with PhishMe. The message in the email states that a professional gamer has sent a link to a file stored on the online storage service.

Clicking the link brings the user to a page where they can download a file named 'NFSW_Car_Changer.exe,' which is actually the threat, the post indicates.

“The executable is compiled with .NET 4.0,” Tokazowski wrote. “This is worth mentioning because most of the malware today is written in C/C++. The biggest benefit for malware to be written in .NET is that it can be difficult to decode and see what is truly going on.”

Related

Novel malware leveraged in Cloud Atlas attacks

Attacks with the new VBCloud malware have been deployed by Russian state-backed threat operation Cloud Atlas, also known as Clean Ursa, Oxygen, Inception, and Red October, to facilitate data theft against dozens of users, most of whom are in Russia, reports The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds