Home Malware Programs Trojans NanoCore RAT

NanoCore RAT

Posted: March 27, 2015

NanoCore RAT is a backdoor Trojan and spyware program used to collect information and open the infected PC up to remote control by third parties. Previous versions of NanoCore RAT included limited functionality, but continual development has made NanoCore RAT more of a security issue over time. The latest version of NanoCore RAT has been used to attack energy companies in March of this year, and malware experts anticipate its further distribution in the near future. Standard anti-malware programs and data protection strategies are advisable in the wake of a NanoCore RAT infection, which you shouldn't remove via standard uninstall methods.

The Core of a Long-Striving RAT

Although some threatening software, such as the recent 'PacMan' Ransomware, earn names for themselves through strictly controlled development and distribution, others like NanoCore RAT gain infamy via the exact opposite strategies. NanoCore RAT has been in active development and distribution to the public since, at least, 2013, although most, previous versions of NanoCore RAT lacked full sets of features. The latest version of NanoCore RAT seen selling itself to the public has been considered sufficient for targeting high-profile entities, including oil companies throughout Canada, Singapore and the United States.

The latter country has borne the majority of the attacks so far, which have taken the format of corrupted e-mail messages with fraudulent references to actual Korean companies. The files linked to these messages include Trojan droppers for NanoCore RAT, accomplished non-consensually via an old RTF vulnerability. Fully-patched Microsoft Office users should not be affected by this installation attack.

NanoCore RAT or Trojan.Nancrat, currently includes general functions viable for letting third parties control the infected machine or collect information from it. Some examples malware specialists can point out for general reference include:

  • NanoCore RAT may upload files to a remote server or download (and then launch) files onto your PC.
  • NanoCore RAT may use multiple means of altering your PC's settings, including issuing system prompt commands or modifying the Registry.
  • NanoCore RAT may be used to monitor your webcam, desktop or even microphone input.

NanoCore RAT also is capable of updating itself, creating pop-up messages or forcing the infected PC to become part of a zombie botnet (a network of computers used for illicit activities). These features are far beyond the original scope of NanoCore RAT's earliest, 2013-era version, and showcase the development team's long term investment into this threat.

Sending a Rat Scurrying Away from Your PC

Despite the recent emphasis on corporate-targeted attacks using NanoCore RAT, NanoCore RAT also can be a substantial threat to casual PC owners. Unlike Poison Ivy or most other RATs, NanoCore RAT is widely available for purchase and use at a minimal price of 25 USD. It also is widely available and can easily be found on both ordinary Web forums and the so-called 'darknet.' As a result of its intended use-by-hiring to third parties, other distribution methods, and even payloads from NanoCore RAT may vary from campaign to campaign.

There are no definitive, visible symptoms linked to a NanoCore RAT infection. For deleting NanoCore RAT, malware researchers only can advice adhering to typical safety protocols and using anti-malware products to analyze all infected machines.

Loading...