A new variant of the njRAT trojan is targeting many users with a malspam campaign aimed at stealing banking login credentials and personal data.
NjRat is a program classified as a RAT (remote access trojan) developed in .NET that targets only Windows-based systems. If installed, it can allow criminal actors to collect information about the affected systems, steal credentials and personal data, as well as download and install additional malicious code, all under the control of manned remote servers.
For all these reasons, it is highly recommended to remove any infection as soon as possible to avoid suffering from privacy breaches and bank fraud attempts.
It is well known that njRAT has been available in different variants on forums and underground markets in recent years, allowing attackers to perform a wide range of activities typical of an infostelaer, keylogger and backdoor and to target private and corporate devices often evading security controls with obfuscation techniques.
Therefore, you should supplement your software security solutions with additional protection and common sense:
- routinely update your operating system and software, using official not third-party features and tools;
- avoid downloading pirated or free versions of software;
- never open email attachments that require macros to be activated. If you receive an email from an unknown or suspicious address, its attached or linked files should never be opened carelessly;
- use strong passwords and use two-factor authentication where possible;
- back up files on a regular basis.