Symantec
in its latest report made available to DigitalSENSE Business News says
that it observed the growth of indigenous groups of attackers in the Middle
East, centered around a simple piece of malware known as njRAT.
Also
DigitalSENSE Business News
gathered that while njRAT is similar in capability to many other Remote Access Tools
(RATs), an interesting part is that this malware is developed and supported by
Arabic speakers, resulting in its popularity among attackers in the region.
DigitalSENSE Business News equally gathered that majority of njRAT’s Control-and-Command
(C&C) servers were found in the Middle East and North Africa according to
Symantec, just as the malware could be used to control networks of computers,
known as botnets.
Although
most attackers using njRAT, DigitalSENSE
Business News noted, appeared to be engaged in ordinary cybercriminal
activity, there is also evidence that several groups have used the malware to
target governments in the region.
DigitalSENSE Business News investigations
showed that Symantec analyzed some 721 samples of njRAT and uncovered a fairly
large number of infections, with 542 control-and-command (C&C) server
domain names found and 24,000 infected computers worldwide.
“Nearly
80 per cent of the C&C servers were located in regions in the Middle East
and North Africa, including Saudi Arabia, Iraq, Tunisia, Egypt, Algeria,
Morocco, the Palestinian Territories and Libya.
DigitalSENSE Business News
recalls that njRAT is not new on the cybercrime scene, but has been publicly
available since June 2013 and three versions have already been released, all of
which could be propagated through infected Universal Serial Bus (USB) keys or
networked drives.
As
reported by Symantec, the main reason for njRAT’s popularity in the Middle East
and North Africa is a large online community providing support in the form of
instructions and tutorials for the malware’s development. Just as the malware’s
author also appears to hail from the region.
Even
as Symantec experts revealed that most njRAT users seem to be home users who
are interested in online pranks such as spying on webcams or taking screenshots
of victims’ computers.
“However,
infections have also been recorded on the networks of a number of governments
and political activists,” says Symantec official, Ms Katie Beck.
Chuks Egbuna/GEE
... Making SENSE of digital revolution!
No comments:
Post a Comment