Threats, Malware

NJRat making a comeback, researchers observe

March 23, 2015

NJRat – a remote access trojan – is making a comeback, according to researchers with PhishMe.

The malware is being delivered via an email purportedly from eDisk, according to a Thursday post by Ronnie Tokazowski, senior researcher with PhishMe. The message in the email states that a professional gamer has sent a link to a file stored on the online storage service.

Clicking the link brings the user to a page where they can download a file named 'NFSW_Car_Changer.exe,' which is actually the threat, the post indicates.

“The executable is compiled with .NET 4.0,” Tokazowski wrote. “This is worth mentioning because most of the malware today is written in C/C++. The biggest benefit for malware to be written in .NET is that it can be difficult to decode and see what is truly going on.”

prestitial ad