Symantec: “Simple njRAT Fuels Nascent Middle East Cybercrime Scene”

DUBAI, UAE, April 2, 2014/African Press Organization (APO)/ — Symantec (http://www.symantec.com) has observed the growth of indigenous groups of attackers in the Middle East, centered around a simple piece of malware known as njRAT (http://bit.ly/1i1Ps9m). While njRAT is similar in capability to many other remote access tools (RATs), what is interesting about this malware is that it is developed and supported by Arabic speakers, resulting in its popularity among attackers in the region.

Logo: http://www.photos.apo-opa.com/plog-content/images/apo/logos/symantec-1.png

Figure: http://www.photos.apo-opa.com/index.php?level=picture&id=940 (Majority of njRAT C&C servers are found in the Middle East and North Africa)

The malware can be used to control networks of computers, known as botnets. While most attackers using njRAT appear to be engaged in ordinary cybercriminal activity, there is also evidence that several groups have used the malware to target governments in the region.

Symantec analyzed 721 samples of njRAT and uncovered a fairly large number of infections, with 542 control-and-command (C&C) server domain names found and 24,000 infected computers worldwide. Nearly 80 percent of the C&C servers were located in regions in the Middle East and North Africa, including Saudi Arabia, Iraq, Tunisia, Egypt, Algeria, Morocco, the Palestinian Territories and Libya.

njRAT is not new on the cybercrime scene. It has been publicly available since June 2013 and three versions have already been released, all of which can be propagated through infected USB keys or networked drives.

The main reason for njRAT’s popularity in the Middle East and North Africa is a large online community providing support in the form of instructions and tutorials for the malware’s development. The malware’s author also appears to hail from the region.

Most njRAT users seem to be home users who are interested in online pranks such as spying on webcams or taking screenshots of victims’ computers. However, infections have also been recorded on the networks of a number of governments and political activists.

Symantec has identified 487 groups of attackers mounting attacks using njRAT. These attacks appear to have different motivations, which can be broadly classed as hacktivism, information theft, and botnet building.

As large numbers of Middle Eastern attackers continue to use njRAT due to its accessibility, Symantec expects that they will try to find new ways of obfuscating the malware to evade detection by antivirus software. They are likely to continue to use njRAT since an Arabic speaking community and its Arabic author continue to provide support for the malware.

Symantec anticipates that such groups will eventually depart from using publicly available tools like njRAT and begin to develop their own tools and more advanced RATs for cyberattacks.

Symantec detects this threat as Backdoor.Ratenjay (http://bit.ly/1i1Ps9m)..

For more information, please click here: http://www.symantec.com/connect/blogs/simple-njrat-fuels-nascent-middle-east-cybercrime-scene

Distributed by APO (African Press Organization) on behalf of Symantec Corporation.

Media contact:

Katie Beck

Katie_Beck@symantec.com

+971 55 300 61 22

About Symantec

Symantec Corporation (NASDAQ: SYMC) (http://www.symantec.com) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings – anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company’s more than 21,500 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2013, it recorded revenues of $6.9 billion. To learn more go to http://www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.

Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec, the Symantec Logo and the Checkmark logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Did you find this information helpful? If you did, consider donating.