Malware

S0385

njRAT

Type: Remote Access Trojan (RAT)

Associated threat actors: Various

Key Capabilities: Provides control over compromised systems, enabling remote command execution, data collection, and webcam and microphone control.

OS Targeted: Windows

IoCs on Maltiverse

Maltiverse provides updated IoCs for easy SIEM/SOAR/Firewall/EDR integration.

What is njRAT?

njRAT (S0385), also known as Bladabindi, is a Remote Access Trojan (RAT). It is popular among cybercriminals for its flexibility and ease of use.

This RAT provides attackers with complete control over an infected computer, enabling data theft and surveillance. Its capabilities include a keylogger for capturing credentials, webcam control, remote command execution, and the ability to use the infected machine to launch Distributed Denial-of-Service (DDoS) attacks.

How to Defend Against njRAT?

Defending against njRAT requires preventing the initial infection and detecting its command-and-control (C2) activity.

  • Be cautious with email attachments and downloads, which are the primary delivery vectors for this RAT.
  • Keep all operating systems and applications patched to limit the vulnerabilities that can be exploited for initial access.
  • Deploy endpoint detection and antivirus protection to identify and block the execution of known RATs and their associated behaviors.
  • Use network detection and response (NDR) with integrated threat intelligence to spot and block njRAT’s C2 communications.
