Trend Micro researchers have detected a variant of the remote access trojan NJWORM (also known as Kjw0rm) that appears to have been used in a cyber attack by pro-ISIS sympathizers on French television station TV5Monde.
In a Monday blog, the researchers said the backdoor, detected as VBS_KJWORM.SMA, may have been in existence since 2014 and was created by a RAT generator, called “Sec-wOrm 1.2 Fixed vBS Controller.” Of note, the variant KJWORM has been been found in 12 countries.
Because the C&C server that was allegedly used in the French attack has been linked to another backdoor, BKDR_BLADABINDI.C, Trend Micro said it believes that the actors behind the two malware attacks are the same.
“The RAT generator is currently available in several hacker forums and can be used by any threat actor,” the blog post warned. “Therefore, one does not need a lot of technical skill to use it.”