{
  "family": "bladabindi",
  "sample_count": 3930,
  "category": "rat",
  "description": "Bladabindi, also widely known as njRAT, is one of the most prolific commodity remote access trojans (RATs) in circulation, offering keylogging, webcam capture, credential theft, file transfer, and remote shell capability. Its low cost and ease of use have made it popular with low-skilled threat actors, particularly across the Middle East and North Africa. Bladabindi typically spreads through phishing, cracked software, and USB infection.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [
    "njrat",
    "lv",
    "ratenjay"
  ],
  "enrichment_level": "hand-curated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is Bladabindi?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Bladabindi, also widely known as njRAT, is one of the most prolific commodity remote access trojans (RATs) in circulation, offering keylogging, webcam capture, credential theft, file transfer, and remote shell capability. Its low cost and ease of use have made it popular with low-skilled threat actors, particularly across the Middle East and North Africa. Bladabindi typically spreads through phishing, cracked software, and USB infection."
      }
    },
    {
      "@type": "Question",
      "name": "How does Bladabindi spread?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Bladabindi (njRAT) spreads through cracked software, USB drives with autorun shortcuts, and social-engineered downloads marketed as game cheats or pirated tools."
      }
    },
    {
      "@type": "Question",
      "name": "What are the signs of a Bladabindi infection?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Webcam or microphone indicators activating unexpectedly, hidden Windows Run registry keys, and antivirus alerts for njRAT, Bladabindi, or Ratenjay are common indicators."
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if I think I have Bladabindi on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance."
      }
    }
  ],
  "faq_count": 4,
  "mitre_attack": [
    "T1056.001",
    "T1547.001",
    "T1071.001"
  ],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}