Read time: 3 minutes

Malware ‘njRAT’ gains popularity among Arabic speaking hackers

By , Editor, ITWeb Africa
Africa , 03 Apr 2014

Malware ‘njRAT’ gains popularity among Arabic speaking hackers

Arabic speaking hackers are turning to malware dubbed ‘njRAT’ to target civilians and governments in North Africa and the Middle East, says global cybersecurity firm Symantec.

njRAT is similar in capability to remote access tools (RATs) that can be used to control networks of computers, known as botnets, in activities such as spying on webcams or taking screenshots of victims’ computers, says Symantec in a press statement.

However, Symantec says that what differs njRAT from other RAT malware is its support and even development by Arabic speakers.

Symantec notes it has analysed 721 samples of njRAT and “uncovered a fairly large number of infections, with 542 control-and-command (C&C) server domain names found and 24,000 infected computers worldwide.”

Also, the company says almost 80% of the C&C servers are located in the Middle East and North Africa, in countries such as Saudi Arabia, Iraq, Tunisia, Egypt, Algeria, Morocco, the Palestinian Territories and Libya.

“Symantec has identified 487 groups of attackers mounting attacks using njRAT,” says the company in a statement.

“These attacks appear to have different motivations, which can be broadly classed as hacktivism, information theft, and botnet building,” adds Symantec.

The company adds that njRAT is “not new on the cybercrime scene” as it has been publicly available since June 2013, and three versions have already been released.

All versions of the malware, though, can be propagated through infected USB keys or networked drives adds the company.

“Symantec anticipates that such groups will eventually depart from using publicly available tools like njRAT and begin to develop their own tools and more advanced RATs for cyberattacks,” adds the company.

Daily newsletter