Bladabindi

Malware updated 7 months ago (2024-05-04T22:18:03.139Z)
Bladabindi, also known as njRAT, is a remote access trojan (RAT) malware first discovered in 2013. It poses a significant threat to the privacy, security, and integrity of infected systems, allowing attackers to execute commands on the host, log keystrokes, and remotely activate the victim's webcam and microphone. The malware can steal personal information and facilitate the installation of other malicious software. In addition, Bladabindi has been associated with other identified threats such as ENDEV and EDIDEV.

An active campaign using Middle Eastern geopolitical-themed lures to distribute njRAT has been ongoing since at least mid-2022, primarily infecting victims across the Middle East and North Africa.

Recently, it was found that some products from Acemagic, a PC manufacturer, were infected with Bladabindi. Windows Defender detected the malware shortly after booting the machine. Acemagic confirmed the presence of Bladabindi on some of its PCs, raising concerns about the potential inclusion of another malware called Redline, notorious for its ability to steal sensitive data, including cryptocurrency. The discovery of Bladabindi on Acemagic's products has raised serious security concerns. Upon booting the machines, The Net Guy encountered Bladabindi malware, a notorious backdoor known for stealing users’ information and facilitating the installation of additional malicious programs. Acemagic later admitted that the Redline malware may have also been included in their systems. This incident underscores the need for robust cybersecurity measures and vigilant monitoring to prevent such malware infections.
Description last updated: 2024-05-04T21:57:07.614Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias description: njRAT is a possible alias for Bladabindi. NjRAT is a remote-access Trojan (RAT) that has been in use since 2013, often deployed in both criminal and targeted attacks. This malware can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, NjRAT can steal personal information, d
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Malware
Source Document References
Information about the Bladabindi Malware was read from the documents corpus below.