njRAT, also tracked as Bladabindi, is one of the most prolific commodity remote access trojans worldwide. First observed around 2012, it provides keylogging, webcam capture, microphone access, file management, remote shell, and credential theft. Its low cost and ease of use have made it extremely popular with low-skilled threat actors, particularly across the Middle East and North Africa. njRAT typically spreads through phishing, cracked software downloads, and USB infection.
This family has been observed using the following ATT&CK techniques: T1056.001 T1547.001 T1071.001
njRAT, also tracked as Bladabindi, is one of the most prolific commodity remote access trojans worldwide. First observed around 2012, it provides keylogging, webcam capture, microphone access, file management, remote shell, and credential theft. Its low cost and ease of use have made it extremely popular with low-skilled threat actors, particularly across the Middle East and North Africa. njRAT typically spreads through phishing, cracked software downloads, and USB infection.
njRAT (Bladabindi) is distributed through cracked software, USB autorun shortcuts, and social-engineered downloads, popular among low-skill operators in Arabic-speaking regions.
Webcam and keystroke logging indicators, hidden Run registry persistence, and antivirus detections for njRAT, Bladabindi, or Ratenjay are common signs.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/njrat.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.