Cyber Security Expert Discovers Remote Access Trojan (RAT) On Arabic-Language Forum

January 23, 2015


On January 22, 2015, a threat response engineer for the American security software company Trend Micro posted a blog concerning the new remote access Trojan (RAT) malware Njw0rm/Kjw0rm. In it, the engineer wrote that he had discovered the code for the malware on the website, which is disguised as an IT enthusiast website but instead features various types of spyware and malware. The code came from a forum on the site that was entirely in Arabic, leading the engineer to suspect that “an Arabic-speaking country is behind it.”

The whois info for features text in Arabic stating that the site deals with technical matters and development and has a forum to discuss software issues.

Source:, January 22, 2015;, January 23, 2015.