Leaked Code for Njw0rm RAT Spawns New Malware

  • 23 January 2015

By Ionut Ilascu    23 Jan 2015
 
Kjw0rm and Sir DoOom are Njw0rm's evolutionary step
 
The code for Njw0rm RAT (remote access Trojan), leaked in May 2013 on a website hosting malicious software, is believed to have served as a starting point for cybercriminals to create new malware pieces.
 
Kjw0rm (v2.0 and v0.5x) and Sir DoOom share similarities with Njw0rm, also known as njrat, in terms of functionality, but the authors of the new threats added some features of their own. 

Threats rely on a similar infection method

 
Although the two new pieces have been coded in Visual Basic Script and the original was built with AutoIt, there are similarities that cannot be overlooked, such as the propagation method used.

Michael Marcos, threat response engineer at Trend Micro, says that all three threats infect the computer via removable devices and create shortcut icons for legitimate folders that point to the malware.

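A triage check for the propagation trait described above (shortcuts on a removable drive named after the folders beside them), as an added example that is not code from the article or from Trend Micro. The function names, the script-host list and the sample drive contents are assumptions constructed for illustration; the byte search is a heuristic, not a full shortcut parser.

```python
import tempfile
from pathlib import Path

# Assumption (not from the article): a shortcut that starts a VBScript payload
# has to name a Windows script host or the command shell somewhere in its data.
SCRIPT_HOSTS = ("wscript", "cscript", "cmd.exe")


def mentions_script_host(raw: bytes) -> bool:
    """Shortcut files hold strings as ANSI or UTF-16LE, so search both forms."""
    lowered = raw.lower()  # lowers ASCII bytes only; NUL padding is untouched
    return any(h.encode("ascii") in lowered or h.encode("utf-16-le") in lowered
               for h in SCRIPT_HOSTS)


def find_suspicious_shortcuts(root: Path) -> list:
    """Report root-level .lnk files that shadow a folder name or name a script host."""
    entries = sorted(root.iterdir())
    folders = {p.name.lower() for p in entries if p.is_dir()}
    findings = []
    for p in entries:
        if p.is_file() and p.suffix.lower() == ".lnk":
            shadows = p.stem.lower() in folders
            host = mentions_script_host(p.read_bytes())
            if shadows or host:
                findings.append({"shortcut": p.name, "shadows_folder": shadows,
                                 "script_host": host})
    return findings


def build_sample_drive(root: Path) -> None:
    """Constructed stand-in for a USB drive root; the .lnk bytes are fake."""
    (root / "Photos").mkdir()
    (root / "Docs").mkdir()
    bad = 'C:\\Windows\\System32\\WScript.exe "placeholder.vbs"'
    ok = "C:\\Windows\\notepad.exe"
    (root / "Photos.lnk").write_bytes(b"L\x00\x00\x00" + bad.encode("utf-16-le"))
    (root / "Notes.lnk").write_bytes(b"L\x00\x00\x00" + ok.encode("utf-16-le"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(Path(tmp))
        for finding in find_suspicious_shortcuts(Path(tmp)):
            print(finding)
```

A shortcut that both shadows a folder and names a script host is the strongest signal; either flag alone is worth a manual look before the drive is opened on another machine.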