NJRat making a comeback, researchers observe
NJRat – a remote access trojan – is making a comeback, according to researchers with PhishMe.
The malware is being delivered via an email purportedly from eDisk, according to a Thursday post by Ronnie Tokazowski, senior researcher with PhishMe. The message in the email states that a professional gamer has sent a link to a file stored on the online storage service.
Clicking the link brings the user to a page where they can download a file named 'NFSW_Car_Changer.exe,' which is actually the threat, the post indicates.
“The executable is compiled with .NET 4.0,” Tokazowski wrote. “This is worth mentioning because most of the malware today is written in C/C++. The biggest benefit for malware to be written in .NET is that it can be difficult to decode and see what is truly going on.”