Bladabindi

Malware Profile Updated 24 days ago
Bladabindi, also known as njRAT, is a remote access trojan (RAT) first discovered in 2013. It threatens the privacy, security, and integrity of infected systems: attackers can execute commands on the host, log keystrokes, and remotely activate the victim's webcam and microphone. The malware can also steal personal information and facilitate the installation of other malicious software. Bladabindi has been associated with other identified threats such as ENDEV and EDIDEV.

An active campaign using Middle Eastern geopolitical-themed lures to distribute njRAT has been ongoing since at least mid-2022, primarily infecting victims across the Middle East and North Africa.

Recently, some products from Acemagic, a PC manufacturer, were found to be infected with Bladabindi. Upon booting the machines, The Net Guy encountered the Bladabindi backdoor, which Windows Defender detected shortly after boot. Acemagic confirmed the presence of Bladabindi on some of its PCs and later admitted that the Redline malware, notorious for its ability to steal sensitive data, including cryptocurrency, may also have been included in its systems. This incident underscores the need for robust cybersecurity measures and vigilant monitoring to prevent such malware infections.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
njRAT | 2 | NjRAT is a malicious software, or malware, that has been used in both criminal and targeted attacks since 2013. This remote-access Trojan (RAT) is capable of identifying remote hosts on connected networks (T1018) and detecting if the victim system has a camera during the initial infection (T1120). I
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Bladabindi Malware was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | AutoIt-Compiled Worm Sends Fileless BLADABINDI/njRAT
CERT-EU | 3 months ago | Chinese PC-maker Acemagic's machines infected with malware
Trend Micro | a year ago | Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
CERT-EU | 3 months ago | This Chinese PC Manufacturer Tailored its Own Devices to be Susceptible to Malware
CERT-EU | 3 months ago | Pre-installed Malware Found on Chinese Acemagic Products
CERT-EU | 10 months ago | Fake TeamViewer Installer Used to Deliver njRAT Malware
CERT-EU | 3 months ago | Cyber Security Week in Review: March 1, 2024
CERT-EU | 7 months ago | Threat Roundup for November 3 to November 10
CERT-EU | 10 months ago | Fake TeamViewer Installer Used to Deliver njRAT Malware | IT Security News