Also known as: NanoCore RAT, Nancrat, NanoCore Client
Variants: Like many popular malware tools, NanoCore was developed and adjusted by cybercriminals to fit their needs, so there are multiple versions and variants of it.
Damage potential: Stealing usernames and passwords, surveillance, screen locking, installation of additional malware, system manipulation and control.
NanoCore is a remote access trojan (RAT) that was first identified around 2013. It’s commercial malware that was sold on hacking forums to people who wanted a tool to remotely access and control their targets’ computers. When NanoCore was created, it was intended to be sold as a legitimate remote administration tool. However, its features make it a perfect tool for cybercriminals, given its ability to steal passwords and record videos and audio from the computer’s camera and microphone.
- Unexpected system slowdowns.
- Unrecognized processes running in the Task Manager.
- Random behavior without user intervention, like the webcam turning on by itself.
- Security software getting disabled.
- Unknown files or software appear on the computer.
Sources of the infection
NanoCore infects your Windows computer the same way most malware does. Here are some common ways you can end up with it on your devices:
Opening innocent-looking Microsoft Office attachments from phishing emails.
Visiting a compromised or malicious website that automatically downloads and installs NanoCore through a drive-by download.
Installing unknown browser extensions.
Clicking on a malicious ad.
Using infected portable external storage devices.
Installing software bundles without checking what’s in them.
Try to ensure that the malware doesn’t get onto your device in the first place. You can use NordVPN’s Threat Protection to help you do that. It will block your access to malicious websites, stop malicious ads from loading, and scan your downloading files and delete them if malware is found.
Here are some more things you can do to avoid NanoCore:
Keep your OS and software patched and up to date.
Install a robust antivirus/anti-malware and make sure it’s set to update regularly.
Be skeptical of unsolicited emails, especially those with attachments or links.
Ensure your computer’s firewall is active.
Stick to official app stores and trusted websites — don’t download software from unknown suppliers.
Start your computer in safe mode to limit the malware’s operations, and use a recently updated and reliable antivirus to scan your device and remove NanoCore.
If you know what you’re doing, you can try to look for and remove suspicious files and processes manually. This requires more technical know-how, so you may need some help from a professional.
In severe cases, it might be best to backup your data and then completely reinstall the operating system.