Bladabindi

Malware updated 6 months ago (2024-05-04T22:18:03.139Z)
Download STIX
Preview STIX
Bladabindi, also known as njRAT, is a remote access trojan (RAT) malware first discovered in 2013. It poses a significant threat to the privacy, security, and integrity of infected systems, allowing attackers to execute commands on the host, log keystrokes, and remotely activate the victim's webcam and microphone. The malware can steal personal information and facilitate the installation of other malicious software. In addition, Bladabindi has been associated with other identified threats such as ENDEV and EDIDEV. An active campaign using Middle Eastern geopolitical-themed lures to distribute njRAT has been ongoing since at least mid-2022, primarily infecting victims across the Middle East and North Africa. Recently, it was found that some products from Acemagic, a PC manufacturer, were infected with Bladabindi. Windows Defender detected the malware shortly after booting the machine. Acemagic confirmed the presence of Bladabindi on some of its PCs, raising concerns about the potential inclusion of another malware called Redline, notorious for its ability to steal sensitive data, including cryptocurrency. The discovery of Bladabindi on Acemagic's products has raised serious security concerns. Upon booting the machines, The Net Guy encountered Bladabindi malware, a notorious backdoor known for stealing users’ information and facilitating the installation of additional malicious programs. Acemagic later admitted that the Redline malware may have also been included in their systems. This incident underscores the need for robust cybersecurity measures and vigilant monitoring to prevent such malware infections.
Description last updated: 2024-05-04T21:57:07.614Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
njRAT is a possible alias for Bladabindi. NjRAT is a remote-access Trojan (RAT) that has been in use since 2013, often deployed in both criminal and targeted attacks. This malware can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, NjRAT can steal personal information, d
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Bladabindi Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more