I discovered new Njrat[1] samples that (mis)utilize the Microsoft dev tunnels[2] service to establish connections to their C2 servers. This service enables developers to securely expose local services to the Internet for purposes such as testing, troubleshooting, and collaboration. It offers temporary, public, or private URLs that facilitate remote access to a development environment without needing to deploy code to a production setting. Dev tunnels generate a secure, temporary URL that links to a local service operating on your machine; they function across firewalls and NAT, and their access can be limited. This service is akin to the classic ngrok[3].