

Malware

S0336

NanoCore

Type: Remote Access Trojan (RAT)

Associated threat actors: Various

Key Capabilities: Provides unauthorized access and full control over infected systems using a modular design.

OS Targeted: Windows

IoCs on Maltiverse

Maltiverse provides updated IoCs for easy SIEM/SOAR/Firewall/EDR integration.

What is NanoCore?

NanoCore (S0336) is a versatile Remote Access Trojan (RAT) used for data theft. A key feature of NanoCore is that it is modular: it can use plugins to customize its functions, for example by adding command execution, keylogging, or screen capture. NanoCore operates stealthily to give attackers full control over an infected computer.

Its capabilities include keylogging for stealing credentials, screen capture for surveillance, and the ability to deploy other malware.

How to Defend Against NanoCore?

Defending against NanoCore requires preventing its initial infection and detecting its command-and-control (C2) activity.

  • Be cautious with email attachments and downloads, which are the primary delivery vectors for this RAT.
  • Keep all operating systems and applications patched to limit the vulnerabilities that can be exploited for initial access.
  • Deploy endpoint detection and antivirus to identify and block the execution of known RATs and their malicious plugins.
  • Use network detection (NDR) with integrated threat intelligence to spot and block NanoCore’s C2 communications.
