NanoCore is a remote access trojan (RAT) first discovered in 2013, being sold in underground forums. The malware has a variety of functions including keylogging, password stealing that can remotely pass along data to the malware operator, ability to tamper and view footage from webcams, screen locking, download and theft of files, among others.
We have observed some NanoCore variants being spread through malicious documents. Some also use an interesting technique to keep the malware's processes running and prevent the victims from manually killing the processes.
It is capable of the following:
A typical NanoCore infection is below: