NanoCore RAT

Posted: March 27, 2015

NanoCore RAT Description

NanoCore RAT is a backdoor Trojan and spyware program used to collect information and open the infected PC up to remote control by third parties. Previous versions of NanoCore RAT included limited functionality, but continual development has made NanoCore RAT more of a security issue over time. The latest version of NanoCore RAT has been used to attack energy companies in March of this year, and malware experts anticipate its further distribution in the near future. Standard anti-malware programs and data protection strategies are advisable in the wake of a NanoCore RAT infection, which you shouldn't remove via standard uninstall methods.

The Core of a Long-Striving RAT

Although some threatening software, such as the recent 'PacMan' Ransomware, earn names for themselves through strictly controlled development and distribution, others like NanoCore RAT gain infamy via the exact opposite strategies. NanoCore RAT has been in active development and distribution to the public since, at least, 2013, although most, previous versions of NanoCore RAT lacked full sets of features. The latest version of NanoCore RAT seen selling itself to the public has been considered sufficient for targeting high-profile entities, including oil companies throughout Canada, Singapore and the United States.

The latter country has borne the majority of the attacks so far, which have taken the format of corrupted e-mail messages with fraudulent references to actual Korean companies. The files linked to these messages include Trojan droppers for NanoCore RAT, accomplished non-consensually via an old RTF vulnerability. Fully-patched Microsoft Office users should not be affected by this installation attack.

NanoCore RAT or Trojan.Nancrat, currently includes general functions viable for letting third parties control the infected machine or collect information from it. Some examples malware specialists can point out for general reference include:

  • NanoCore RAT may upload files to a remote server or download (and then launch) files onto your PC.
  • NanoCore RAT may use multiple means of altering your PC's settings, including issuing system prompt commands or modifying the Registry.
  • NanoCore RAT may be used to monitor your webcam, desktop or even microphone input.

NanoCore RAT also is capable of updating itself, creating pop-up messages or forcing the infected PC to become part of a zombie botnet (a network of computers used for illicit activities). These features are far beyond the original scope of NanoCore RAT's earliest, 2013-era version, and showcase the development team's long term investment into this threat.

Sending a Rat Scurrying Away from Your PC

Despite the recent emphasis on corporate-targeted attacks using NanoCore RAT, NanoCore RAT also can be a substantial threat to casual PC owners. Unlike Poison Ivy or most other RATs, NanoCore RAT is widely available for purchase and use at a minimal price of 25 USD. It also is widely available and can easily be found on both ordinary Web forums and the so-called 'darknet.' As a result of its intended use-by-hiring to third parties, other distribution methods, and even payloads from NanoCore RAT may vary from campaign to campaign.

There are no definitive, visible symptoms linked to a NanoCore RAT infection. For deleting NanoCore RAT, malware researchers only can advice adhering to typical safety protocols and using anti-malware products to analyze all infected machines.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to NanoCore RAT may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.