NanoCore is an example of a RAT, which is a type of malware designed to provide an attacker with access to and control over an infected machine. Like most RATs, NanoCore provides a wide range of capabilities, including:
- Screen capture
- Remote access
- Keylogging
- Password stealing
- Screen locking
- Data exfiltration
- Run backdoor commands
- Webcam session theft
- Cryptocurrency mining
NanoCore is one of the leading malware variants currently in operation. In fact, it was number ten in Check Point Research’s list of the top malware families.
Like many malware variants, spam and phishing emails is the primary way that the NanoCore RAT is spread. These emails will contain fake invoices, bank payment receipts, and similar malicious attachments.
Instead of a document or PDF, these files may be .img or .iso disk image files or specially formatted malicious ZIP files. All of these file types have the ability to store files. Once installed on a device, NanoCore establishes a connection with its command and control server and begins collecting and exfiltrating sensitive information from the infected computer. For example, the malware will steal and send login credentials cached by the user’s browser, email client, and similar software.
What do you think?
It is nice to know your opinion. Leave a comment.