Awakari App

The Invisible Spy: A Complete Guide to njRAT (Bladabindi) Imagine an intruder in your computer, watching through your webcam and logging every keystroke, all without a single pop-up or error… Con...

#malware-analysis #art #cybersecurity #infosectrain #njrat

Origin | Interest | Match

Awakari App

The Invisible Spy: A Complete Guide to njRAT (Bladabindi) Imagine an intruder in your computer, watching through your webcam and logging every keystroke, all without a single pop-up or error… Con...

#malware-analysis #art #cybersecurity #infosectrain #njrat

Origin | Interest | Match

The njRAT C2 server is still active:
🔥 104.248.130.195:7492

njRAT runs MassLogger njRAT is a remote access trojan that has been around for more than 10 years and still remains one of the most popular RATs among criminal threat actors. This blog post demonstrates how NetworkMiner Pr...

Decoding #njRAT C2 traffic to extract screenshots, commands and transferred files
netresec.com?b=262adb9

@netresec

Decoding #njRAT C2 traffic to extract screenshots, commands and transferred files
https://netresec.com/?b=262adb9

NetworkMiner 3.1 Released This NetworkMiner release brings improved extraction of artifacts like usernames, passwords and hostnames from network traffic. We have also made some updates to the user interface and continued our effort to extract even more details from malware C2 traffic. More Artifacts Extracted Usernames and p[...]

#NetworkMiner #Proxy-Authenticate #NetworkMiner #Professional #njRAT #Redline #MC-NMF

Origin | Interest | Match

#NetworkMiner #Proxy-Authenticate #njRAT #Redline #Stealer #MC-NMF #MC-NBFSE

Origin | Interest | Match

#NetworkMiner #Proxy-Authenticate #njRAT #Redline #Stealer #MC-NMF #MC-NBFSE

Origin | Interest | Match

Fake Minecraft Installer Spreads NjRat Spyware to Steal Data Fake Minecraft Installer Spreads NjRat Spyware to Steal Data

⚠️ Gamers beware! Fake browser-based Minecraft clone #Eaglercraft 1.12 Offline is spreading NjRat spyware that steals passwords and spies on users.

🔗 hackread.com/fake-minecra...

#CyberSecurity #Minecraft #Gaming #NjRat #Malware #Scam

Decoding njRAT traffic with NetworkMiner I investigate network traffic from a Triage sandbox execution of njRAT in this video. The analysis is performed using NetworkMiner in Linux (REMnux to be specific). About njRAT / Bladabindi njRAT is a...

Did you know that NetworkMiner parses the #njRAT protocol? The following artefacts are extracted from njRAT C2 traffic:
🖥️ Screenshots of victim computer
📁 Transferred files
👾 Commands from C2 server
🤖 Replies from bot
🔑 Stolen credentials/passwords
⌨️ Keylog data
netresec.com?b=2541a39

@netresec

Did you know that NetworkMiner parses the #njRAT protocol? The following artefacts are extracted from njRAT C2 traffic:
🖥️ Screenshots of victim computer
📁 Transferred files
👾 Commands from C2 server
🤖 Replies from bot
🔑 Stolen credentials/passwords
⌨️ Keylog data
https://netresec.com/?b=2541a39

[Video] Original post on netresec.com

www.netresec.com/

#njRAT #Bladabindi #NetworkMiner #REMnux #2d65bc3bff4a5d31b59f5bdf6e6311d7 #ngrok.io #CAP #ret #inv #PLG #kl

Result Details

[Video] [Original post on netresec.com]

“I sent you an email from your email account,” sextortion scam claims In a new version of the old “Hello pervert” emails, scammers are relying on classic email spoofing techniques to try and convince victims that they have lost control of their email account and computer systems. Email spoofing basically comes down to sending emails with a false sender address, a method in use in various ways by scammers. Obviously, pretending to be someone else can have its advantages, especially if that someone else holds a position of power or trust with regards to the receiver. But sending a message to the victim’s from their _own_ email address might convince the victim that they have lost access over their own account. The text of the email roughly looks like this: > “As you may have noticed, I sent you an email from your email account > > This means I have full access to your account > > I’ve been watching you for a few months > > The thing is, you got infected with a njrat through an adult site you visited > > If you don’t know about this, let me explain > > The njrat gives me full access and control over your device. > > This means I can see everything on your screen, turn on the camera and microphone, but you don’t know it > > I also have access to all your contacts and all your correspondence. > > On the left half of the screen, I made a video showing how you satisfied yourself, on the right half you see the video you watched. > > With a click of a mouse I can send this video to all your emails and contacts on social networks > > I can also see access to all your communications and messaging programs that you use. > > If you want to avoid this, > > Transfer the amount of 1200 USD to my bitcoin address (“write buy bitcoin or find for bitcoin exchange if you don’t know”) > > My Bitcoin address (BTC wallet): 1FJg6nuRLLv4iQLNFPTpGwZfKjHJQnmwFs > > After payment is received, I will delete the video and you will not hear from me again > > I’m giving you 48 hours to pay > > Do not forget that I will see you when you open the message, the counter will start > > If I see you’ve shared this message with someone else, the video will be posted immediately” If the victim decides to search for “njrat” they’ll find that it’s a remote access trojan (RAT) has capabilities to log keystrokes, access the victim’s camera, steal credentials stored in browsers, upload/download files, view the victim’s desktop, and more. Scary stuff, and it supports the claims the scammer makes. But, as with all sextortion scams, this threat is an entirely empty one. There is more than likely no lurid video, no “njrat,” no list of contacts. Instead, there is just a threat which is meant to drive panic which is meant to drive payment. When we checked, we were happy to see that the scammers’ Bitcoin wallet is empty, although they could have set up a separate one for each victim. ## How to recognize sextortion emails Once you know what’s going on it’s easy to recognize these emails. Remember that not all of the below characteristics have to be included in these emails, but all of them are red flags in their own right. * The emails often look as if they came from one of your own email addresses. * The scammer accuses you of inappropriate behavior and claims to have footage of that behavior. * In the email, the scammer claims to have used “Pegasus” or some Trojan to spy on you through your own computer. * The scammer says they know “your password” or compromised your account. * You are urged to pay up quickly or the so-called footage will be spread to all your contacts. Often you’re only allowed one day to pay. * The actual message often arrives as an image or a pdf attachment. Scammers do this to bypass phishing filters. ## What to do when you receive an email like this First of all, even if it’s only to reassure yourself, scan your computer with an anti-malware solution that can detect and remove njRAT (if present). Second, if your computer is clean, check if your email account has not been compromised. Change the password and enable 2FA if possible. Don’t respond to the scammer, since that will confirm that the email address is in use and the mail is read. This could invoke more emails from scammers. Don’t let yourself get rushed into action or decisions. Scammers rely on the fact that you will not take the time to think this through and subsequently make mistakes. Do not open unsolicited attachments. Especially when the sender address is suspicious or even your own. For your ease of mind, turn off your webcam or buy a webcam cover so you can cover it when you’re not using the webcam.

“I sent you an email from your email account,” sextortion scam claims A new variant of the he...

www.malwarebytes.com/blog/news/2025/04/i-sent...

#News #Scams #njRAT #sextortion #spoofing

Event Attributes

www.netresec.com/

#NetworkMiner #QUIC #CIP #EtherNet/IP #UMAS #REMCOS #MSS #UPnP #JA3 #JA4 #njRAT

Event Attributes

NetworkMiner 3.0 Released I am very proud to announce the release of NetworkMiner 3.0 today! This version brings several new protocols as well as user interface improvements to NetworkMiner. We have also made significant changes under the hood, such as altering the default location to where NetworkMiner extracts files from n[...]

NetworkMiner 3.0 Released I am very proud to announce the release of NetworkMiner 3.0 today! This version brings several new protocols as well as user interface improvements to NetworkMiner. We have also made significant changes under the hood, such as altering the default location to where NetworkMiner extracts files from n[...]

NetworkMiner 3.0 Released I am very proud to announce the release of NetworkMiner 3.0 today! This version brings several new protocols as well as user interface improvements to NetworkMiner. We have also made significant changes under the hood, such as altering the default location to where NetworkMiner extracts files from n[...]

🚨 NjRat 2.3D Pro Found on GitHub!

This powerful RAT enables keylogging, credential theft, and ransomware attacks. Public access raises risks of widespread cyber threats. 🛡️🖥️

#cybersecurity #infosec #technews #njrat #cyberthreats #infosecnews

Page Not Found!

Surge in use of #TOR anonymity network & remote access tool #njRAT in #Iraq in past few weeks #cyberwarfare : http://tiny.cc/kp39jx