Also known as Bladabindi, njRAT emerged around 2013 and remains one of the most prevalent malware families today. Built on the .NET Framework, it gives attackers remote control over infected systems, uses dynamic DNS for Command-and-Control (C&C), and communicates over a custom TCP protocol on configurable ports.
njRAT ransomware is adept at stealing virtual currency.
This new version, known as njRAT Lime Edition, adds ransomware, a Bitcoin grabber, and DDoS attack capabilities. It can also record keystrokes, spread via USB drives, steal passwords, and lock the screen.
The malware compiles a list of running processes on the victim's computer and uses it to watch for virtual currency wallets. Virtual currencies and user financial information, including bank accounts, debit cards, and credit cards, remain top targets for cybercriminals.
Zscaler researchers report that once a system is infected, the malware checks for virtual machines and sandbox environments, then collects extensive system information: system name, usernames, Windows version and architecture, webcam presence, active windows, CPU, video card, memory, partition information, antivirus settings, and infection time.
It also monitors the system for specific security-related processes and attempts to terminate them to avoid detection.
Security experts also note that the new njRAT ransomware can launch ARME and Slowloris DDoS attacks. Slowloris ties up a web server with minimal bandwidth by holding a large number of connections open to it; ARME attacks likewise exhaust server memory.
Upon receiving commands from the C&C, the malware can erase Chrome cookies and saved logins, turn off the screen, use text-to-speech to read out text received from the C&C, restore normal mouse button behaviour, enable Task Manager, change the wallpaper, log in from the foreground window, share and download torrent files, and launch Slowloris attacks.
It can also issue ransom demands, restart the computer, disable the Command Prompt, delete event logs, kill Bitcoin-monitoring processes, start a botkiller, send system information (CPU/GPU/RAM), check for installed Bitcoin wallets and report them to the C&C, download plugins, and configure those plugins with the C&C server.
njRAT can also spread like a worm: it monitors the system for newly connected USB drives, copies itself to them, and creates a shortcut that uses a folder icon.
The ransomware component encrypts user files and appends the .lime extension to them. It uses the symmetric AES-256 algorithm, so the same key that encrypted the files decrypts them.
'During Lime's initial execution, it will invoke the RandomString() function used to generate an AES key. This function creates a 50-byte array from the input string using a random index, and uses the random() function to fetch a character and store it in the output string,' explained Zscaler researchers.
Researchers also found that the functions needed to decrypt files encrypted by the Lime ransomware are embedded within the malware itself.
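One defensive check that follows directly from the .lime extension described above, as an added example that is not from the article or from Zscaler: a sliding-window detector that flags a burst of files being renamed to .lime, run over a constructed set of file-system events (the event tuples, paths, threshold and window are assumptions, not njRAT artefacts).

```python
from collections import deque
from datetime import datetime, timedelta

LIME_EXT = ".lime"

# Constructed sample file events: (ISO timestamp, action, path). Not real telemetry.
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", "create", "C:\\Users\\alice\\Documents\\report.docx"),
    ("2024-01-01T10:00:30", "rename", "C:\\Users\\alice\\Documents\\old.txt.lime"),
    ("2024-01-01T10:05:00", "rename", "C:\\Users\\alice\\Documents\\report.docx.lime"),
    ("2024-01-01T10:05:01", "rename", "C:\\Users\\alice\\Documents\\budget.xlsx.lime"),
    ("2024-01-01T10:05:02", "rename", "C:\\Users\\alice\\Pictures\\img1.jpg.lime"),
    ("2024-01-01T10:05:02", "rename", "C:\\Users\\alice\\Pictures\\img2.jpg.lime"),
    ("2024-01-01T10:05:03", "rename", "C:\\Users\\alice\\Pictures\\img3.jpg.lime"),
    ("2024-01-01T10:05:04", "create", "C:\\Users\\alice\\Desktop\\notes.txt"),
    ("2024-01-01T10:05:05", "rename", "C:\\Users\\alice\\Desktop\\notes.txt.lime"),
]


def is_lime_rename(action, path):
    """True for a rename whose new name carries the .lime extension (case-insensitive)."""
    return action == "rename" and path.lower().endswith(LIME_EXT)


def detect_lime_bursts(events, threshold=5, window_seconds=60):
    """Sliding-window count of renames to the .lime extension.

    Returns a list of (alert_time, count) entries, one per burst, emitted the
    first time `threshold` such renames fall inside `window_seconds`. The window
    is cleared after each alert so a single burst produces a single alert; an
    isolated .lime rename (e.g. the one at 10:00:30) never trips the detector.
    """
    recent = deque()
    window = timedelta(seconds=window_seconds)
    alerts = []
    for ts_str, action, path in events:
        if not is_lime_rename(action, path):
            continue
        ts = datetime.fromisoformat(ts_str)
        recent.append(ts)
        # Drop renames that fell out of the window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((ts, len(recent)))
            recent.clear()
    return alerts


if __name__ == "__main__":
    for when, count in detect_lime_bursts(SAMPLE_EVENTS):
        print(f"{when.isoformat()}: {count} files renamed to .lime within 60s")
```

Tune the threshold and window to the host's normal rename rate; the same structure works for any extension a ransomware family is known to append.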