Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!

<< previous next >>

The Role of Remote Access Trojans in the Malware Ecosystem: How njRAT Forged its Way Into History

Veronica Valeros

1 vote(s)

Remote Access Tools, or RATs, have existed since 1989 with the creation of NetSupport Manager, the first tool to allow remote control of a windows host. Originally these tools were used for legitimate purposes, but soon became the de facto tools for pranks and in the last decade for more complex attacks. When designed for malicious purposes, these tools are known as Remote Access Trojans. In the last three decades, more than 4000 different RATs were created, with a peak in the 2000s. While RATs are often overlook for their simplicity, they play a significant role in today’s malware ecosystem.

This papers introduces a generalist analysis of njRAT, a remote access trojan created in 2012 and actively used until now. From simple scams to advanced targeted attacks, njRAT has been actively used for more than five years by attackers all around the world. While there have been multiple reports on this piece of malware, this is the first work that looks at all these attacks as a whole in an attempt to understand its role in today’s threat landscape. What can we learn from 5 years of activity on a single malware? This talk will cover the known and unknowns of njRAT, the evolution of the malware in the last 5 years, the most common distribution methods used by attackers, the type of attacks involving this malware, an historical overview of the attacks in which this malware was used, the typical changes and personalisations used by the individual attackers, and other hidden aspects that are often overlook when analyzing individual attacks.

This work is the first in-depth research that I will be presenting as part of my Study of RATs, a long term study of the 300 more common remote access trojans in the last 30 years.


Veronica is a hacker and researcher from Argentina. Her research has a strong focus on helping people and involves different areas, from wireless and bluetooth privacy issues to malware, botnets and intrusion analysis. 
She has presented her research on international conferences such as BlackHat, EkoParty, Botconf, Troopers, and others. Since 2017, she has been participating as committee reviewer of several conferences, including BlackHat EU, GreHack, and BSides Zürich.
She is the co-founder of the MatesLab hackerspace (@mateslab) based in Argentina. She is also  the co-founder of the Independent Fund for Women in Tech (@womenintechfund), which aims to change the participation ratio of women at security conferences by providing free tickets to attend those events. She is also part of the core team of Security Without Borders (@swborders), a collective of cyber security professionals who volunteer assisting people at risk and NGOs on cyber security issues.
From 2013 to early 2018 she worked in the Cognitive Threat Analytics team (Cisco Systems) where she specialised on malware network traffic analysis and threats’ categorisation at big scale. She led a threat research team, leading simultaneous research projects and mentoring young people.
Since April 2018, she joined the Czech Technical University in Prague. She is leading the Civilsphere project, which aims to help NGOs from targeted attacks and cyber threats that may threaten their activities. In her spare time she is studying and researching remote access trojans in a project called 'A Study of RATs'.