Posted: July 5, 2013

Backdoor.Ratenjay Description

Backdoor.Ratenjay (njRAT) is a Remote Access Tool (or RAT) and backdoor Trojan that is especially popular among cybercrooks in the Middle East. Because Backdoor.Ratenjay includes general functions for letting ill-minded persons take over your PC, as well as ones intended to track private information or assist other threats, Backdoor.Ratenjay is rated as a high-level threat. While using anti-malware software for removing Backdoor.Ratenjay, malware experts recommend that you pay attention to peripheral devices that could be compromised, particularly since variants of Backdoor.Ratenjay, like Njw0rm, include self-copying functions.

The RAT that's Responsible for Sniffing out Your Passwords

Backdoor.Ratenjay is one of the most generically useful (for illicit activities) types of threats in existence: the Remote Access Tool, a program that allows outsiders to browse your PC and modify its contents at their leisure. Just like the Bancos banking Trojans that prefer to target South America, Backdoor.Ratenjay has its own regional specialty and is most often seen in Saudi Arabia, Libya, Egypt and other localities in the Middle East. Some, but not all versions of Backdoor.Ratenjay also include worm functions, which can allow them to place copies onto peripheral hard drives. To stop Backdoor.Ratenjay's distribution, malware experts discourage sharing these devices until anti-malware products have disinfected them.

However, even if you confine Backdoor.Ratenjay to a single machine, its attacks are potent, with tens of thousands of separate PCs already infected and added to its botnet. Some functions of Backdoor.Ratenjay that malware analysts feel are worth outlining include:

  • Spyware-related features that allow Backdoor.Ratenjay to track information from the compromised computer. Backdoor.Ratenjay may take screenshots, record your keyboard's keystrokes or even monitor your webcam input.
  • Backdoor functions let Backdoor.Ratenjay place your PC into a botnet, wherein commands may be distributed to force the infected machine to partake in practices such as spamming or DDoS attacks. These attacks may have few or no symptoms for the infected PC, other than the increase in network traffic.
  • Backdoor.Ratenjay may be used to read and modify various system-critical files, particularly the Registry. These functions may disable security features that are necessary for your PC's safety.
  • Backdoor.Ratenjay may also install other files, including additional threats and external components.

Why Backdoor.Ratenjay is a RAT that's at Home in the Desert Heat

Backdoor.Ratenjay has had ample distribution and development since at least 2013, but is an especial worry to Middle Easterners. That worry is in part thanks to its original developer, @njq8, who provides updates to the RAT, along with tutorials, with a focus on Arabic audiences. These materials allow cybercrooks to use Backdoor.Ratenjay for a range of diverse purposes, and the overall consequences of allowing a single Backdoor.Ratenjay infection to rampage unchecked only can be estimated, rather than predicted with any definitive certainty. Malware researchers also estimate that Backdoor.Ratenjay may be playing a part in the ongoing political conflicts in that region, such as the recent war in Libya – albeit on both sides, more likely than not.

Backdoor.Ratenjay is implemented in such a way as to avoid being detected or removed whenever possible, and may exhibit slight differences in behavior between variants. General anti-malware procedures are recommended for deleting Backdoor.Ratenjay, which allows third parties to access any compromised PCs with a high level of control.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Backdoor.Ratenjay may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"CleanShutdown" = "0"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%Temp%\[THREAT FILE NAME]" = "%Temp%\[THREAT FILE NAME]:*:Enabled:[THREAT FILE NAME]"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[DIGITS AND NUMBERS]" = "\%Temp%\[THREAT FILE NAME]\"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[DIGITS AND NUMBERS]" = "%Temp%\[THREAT FILE NAME]"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[DIGITS AND NUMBERS]" = "\%Temp%\[THREAT FILE NAME]\"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[DIGITS AND NUMBERS]" = "%Temp%\[THREAT FILE NAME]"

Related Posts

Home Malware Programs Backdoors Backdoor.Ratenjay

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.