njRAT is a RAT malware that can perform various malicious activities after receiving commands from the attacker. Because it provides various features such as file downloading, command execution, keylogging, and user account information extortion, it has been steadily used by attackers since the past.
Also, since one can easily find builders on the Internet, the malware is distributed in various forms to target domestic users. The most typical method is using torrents and webhards to distribute it under a disguise of a normal file. The njRAT malware was examined multiple times in the ASEC blog before.
Because a well-known malware such as njRAT is easily blocked by security programs, attackers are using various means to bypass detection. In this post, the team will explain the distribution method and infection flow of the recently distributed njRAT, as well as the malware confirmed to have been additionally installed by the attacker.