All the latest UK technology news, reviews and analysis


Middle Eastern hackers use remote access Trojan to infect 24,000 machines worldwide

01 Apr 2014
Malware cyber criminal

Security firm Symantec has uncovered 487 groups actively using njRAT malware, claiming the malicious users have managed to infect 24,000 machines worldwide.

Symantec threat lab researchers reported the campaigns in a blog post, confirming the hackers are using the njRAT malware for a variety of purposes.

"Symantec has identified 487 groups of attackers mounting attacks using njRAT. These attacks appear to have different motivations, which can be broadly classed as hacktivism, information theft and botnet building," the researchers said.

"The malware can be used to control networks of computers, known as botnets. While most attackers using njRAT appear to be engaged in ordinary cyber-criminal activity, there is also evidence that several groups have used the malware to target governments in the region."

Symantec said the attacks mainly originate from the Middle East, though they have managed to infect thousands of systems worldwide.

"Symantec analysed 721 samples of njRAT and uncovered a fairly large number of infections, with 542 control and command (C&C) server domain names found and 24,000 infected computers worldwide," read the post.

"Nearly 80 percent of the C&C servers were located in regions in the Middle East and North Africa, including Saudi Arabia, Iraq, Tunisia, Egypt, Algeria, Morocco, the Palestinian Territories and Libya. "

The njRAT malware is a simple attack tool that originally appeared for download on several black market forums in June 2013.

The malware grants hackers basic powers, such as the ability to download and execute additional malware on infected systems, execute shell commands, read and write registry keys, capture screenshots, log keystrokes and hijack control of webcams.

The Symantec researchers said they expect hackers' interest in njRAT to end fairly quickly, as the new hacker groups realise its limitations and move on to more advanced malware.

"The more advanced threat actors, such as hacker groups, may continue to use njRAT for targeted attacks in the short term," read the post.

"For example, a report by the Electronic Frontier Foundation (EFF) and Citizen Lab found that njRAT is one of a number of tools being used to target Syrian opposition groups during the Syrian conflict. However, Symantec anticipates that such groups will eventually depart from using publicly available tools like njRAT and begin to develop their own tools and more advanced RATs for cyber attacks."

Symantec's discovery follows wider reports within the security community that hackers are tweaking their attacks to use RATs. Advanced threat specialist FireEye uncovered evidence in February that hackers are dropping standard malware such as Zeus, in favour of more advanced but harder-to-use RATs, such as Xtreme RAT.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
13%
4%
10%
4%
22%
4%
43%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Web developer (.NET) - digital agency - Reading - up to £50,000

Web developer (.NET) - digital agency - Reading - up...

IT Development Manager

This is a unique and senior opportunity to establish...

IT Infrastructure Manager

Closing Date: 13/10/2014 Working within a diverse and...

Business Systems Analyst

This role has arisen in a major international food manufacturing...
To send to more than one email address, simply separate each address with a comma.