Bladabindi

Malware Profile Updated 3 months ago
Bladabindi, also known as njRAT, is a remote access trojan (RAT) first observed in 2013. It gives an attacker control of the infected Windows host: executing arbitrary commands, logging keystrokes, remotely activating the victim's webcam and microphone, stealing personal information, and downloading and installing additional malware. Bladabindi has also been associated with the clusters tracked as ENDEV and EDIDEV.

An active campaign using Middle Eastern geopolitical-themed lures to distribute njRAT has been ongoing since at least mid-2022, primarily infecting victims across the Middle East and North Africa.

More recently, Bladabindi was found pre-installed on some PCs sold by the manufacturer Acemagic. The reviewer The Net Guy encountered the backdoor on first boot, when Windows Defender flagged it shortly after the machine started. Acemagic confirmed the presence of Bladabindi on some of its PCs and later admitted that the Redline infostealer, which harvests sensitive data including cryptocurrency wallet information, may also have been included. Because the infection shipped in the factory image, a Defender detection on first boot should be treated as evidence that the supplied OS image itself cannot be trusted; the practical response is to wipe the machine and reinstall from vendor-independent media rather than rely on the quarantine. The incident underscores the need for supply-chain scrutiny of new hardware and for monitoring that does not assume a clean baseline.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Profile (votes): Description
njRAT (2): NjRAT is a remote-access Trojan (RAT) that has been commonly used in both criminal and targeted attacks since as early as 2013. It is part of a suite of RATs used by attackers, including Remcos and AsyncRAT, to exploit and damage computer systems. NjRAT can identify remote hosts on connected network
Endev (1): no description
Edidev (1): no description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Ddos
Rat
Trojan
Worm
Dropper
Malware
Windows
Denial of Se...
Associated Malware
Profile (type; votes): Description
Redline (unspecified; 1): RedLine is a malware designed to exploit and damage computer systems by stealing personal information, disrupting operations, or even holding data hostage for ransom. It has been identified as a favorite infostealer among threat actors selling logs through the marketplace 2easy, which also sells Rac
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Bladabindi malware was read from the documents corpus below. This display is limited to 20 results.
Source (created at): Title
CERT-EU (5 months ago): Cyber Security Week in Review: March 1, 2024
CERT-EU (5 months ago): This Chinese PC Manufacturer Tailored its Own Devices to be Susceptible to Malware
CERT-EU (5 months ago): Pre-installed Malware Found on Chinese Acemagic Products
CERT-EU (5 months ago): Chinese PC-maker Acemagic's machines infected with malware
CERT-EU (9 months ago): Threat Roundup for November 3 to November 10
CERT-EU (a year ago): Fake TeamViewer Installer Used to Deliver njRAT Malware | IT Security News
CERT-EU (a year ago): Fake TeamViewer Installer Used to Deliver njRAT Malware
Trend Micro (a year ago): Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
MITRE (a year ago): AutoIt-Compiled Worm Sends Fileless BLADABINDI/njRAT