NjRAT
Also known as: Bladabindi, Lime-Worm
RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."
It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
Linked Threat Actors
C2 Infrastructure
Last 7 days
| Date | C2 Hosts |
|---|---|
| Apr 14, 2026 | 8 |
| Apr 13, 2026 | 5 |
| Apr 12, 2026 | 1 |
| Apr 11, 2026 | 9 |
| Apr 10, 2026 | 3 |
| Apr 9, 2026 | 7 |
| Apr 8, 2026 | 2 |
Further Reading
We have continued tracking APT-C-36, also known as Blind Eagle, since our research on this threat actor in 2019. We share new findings of APT-C-36’s ongoing spam campaign targeting South American e...
We have been tracking a campaign involving the SpyAgent malware that abuses well-known remote access tools (RATs) — namely TeamViewer — for some time now. While previous versions of the malware hav...
We discovered an active campaign ongoing since at least mid-2022 which uses Middle Eastern geopolitical-themed lures to distribute NjRAT (also known as Bladabindi) to infect victims across the Midd...
The Vectra blog covers a wide range of cybersecurity topics, including exploits, vulnerabilities, malware, insider attacks, threat actors, AI, and more.
In this article, Zscaler security research team dissect the custom protocols used in some of the most prevalent RATs seen in recent campaigns. Read more.