NanoCore is a Remote Access Tool (RAT) used to steal credentials and to spy through cameras. It has been used for a while by numerous criminal actors as well as by nation-state threat actors.
NanoCore comes with base plugins that extend the malware's capabilities and enable specific malicious attacks. Since its discovery in 2013, NanoCore has gone through multiple versions.
How Does NanoCore RAT Work?
Most malware is designed for one specific type of attack. NanoCore, however, allows hackers to do just about anything they want once they gain complete, anonymous control over infected devices.
In 2015, targeted emails were sent to energy companies in Asia and the Middle East by spoofing email addresses of a legitimate South Korean oil company. Attached to the email was a malicious RTF file that dropped the NanoCore trojan.
This is the sequence of events that shows how NanoCore was executed, ultimately putting the victims

| Stage | Description |
|---|---|
| Phishing | A malicious RTF file email attachment is sent to the victim’s Outlook. |
| Payload Deployment | The user clicks the attachment and the trojan is uploaded to the device without any detection. |
| Business Email Compromise | Keyloggers are used to steal Office 365 credentials to gain access to financial information and other business-critical data. |
| Ransomware | Information is moved over to servers owned by hackers. The victims are then asked to pay a fee to get the stolen Office 365 data back. |
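
The phishing stage above relies on a spoofed sender and an RTF attachment, both of which a mail gateway can check before delivery. The following is an added example, not code from the original page: a triage function that flags a From/Return-Path domain mismatch and any attachment that is RTF by content and carries an embedded object. The function names, the finding labels and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# RTF control words that introduce an embedded or linked OLE object.
OBJ_WORDS = re.compile(rb"\\(?:objdata|objemb|objocx|objautlink)")

def domain(header_value):
    """Lower-cased domain of an address header, or '' if none is present."""
    _, addr = parseaddr(str(header_value or ""))
    _, at, dom = addr.rpartition("@")
    return dom.lower() if at else ""

def triage(raw_bytes):
    """Return the findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    # Spoofing hint: the visible From domain differs from the Return-Path domain.
    frm, rp = domain(msg["From"]), domain(msg["Return-Path"])
    if frm and rp and frm != rp:
        findings.append(f"from-mismatch:{frm}!={rp}")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        # Identify RTF by its magic bytes, not by the file extension.
        if data.lstrip().startswith(b"{\\rtf"):
            findings.append(f"rtf-attachment:{name}")
            if OBJ_WORDS.search(data):
                findings.append(f"rtf-embedded-object:{name}")
    return findings

def sample_message():
    """Constructed sample: mismatched sender domains, RTF named .doc."""
    m = EmailMessage()
    m["From"] = "Procurement <orders@oilco.example>"
    m["Return-Path"] = "<bounce@mailer.example.net>"
    m["Subject"] = "Request for quotation"
    m.set_content("Please see the attached document.")
    rtf = b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata 0105000002000000}}}"
    m.add_attachment(rtf, maintype="application", subtype="msword",
                     filename="rfq.doc")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(sample_message()):
        print(finding)
```

A domain mismatch alone is common in legitimate bulk mail, so treat it as a scoring signal to combine with the attachment findings rather than as a verdict.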