NJRat making a comeback, researchers observe

NJRat – a remote access trojan – is making a comeback, according to researchers with PhishMe.

The malware is being delivered via an email purportedly from eDisk, according to a Thursday post by Ronnie Tokazowski, senior researcher with PhishMe. The message in the email states that a professional gamer has sent a link to a file stored on the online storage service.

Clicking the link brings the user to a page where they can download a file named 'NFSW_Car_Changer.exe,' which is actually the threat, the post indicates.

“The executable is compiled with .NET 4.0,” Tokazowski wrote. “This is worth mentioning because most of the malware today is written in C/C++. The biggest benefit for malware to be written in .NET is that it can be difficult to decode and see what is truly going on.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.