Remote access Trojans, dubbed RATs for short, have been on the rise again. Cybercriminals employ them for various reasons – from financial gain to truly staggering spying sessions. Another NanoCore remote access Trojan recently has been detected to rove around the Web. Its highest rates of infection are found in USA and Canada.
The NanoCore Trojan is completed with premium plug-ins and specifically targets energy companies. Security experts believe that cyber criminals have started developing the threat back in 2013. Multiple variants have been detected since then, showing the different stages the Trojan has gone through.
NanoCore Development Stages
The Trojan was released for the first time while in alpha stage. It could be found on underground forums in December 2013, but it still didn’t have much of its current features.
Four beta versions have been leaked since then. Its complete variant – 220.127.116.11 – was spread by attackers in March 2015 for a very small price. Anyone can buy a copy of the Trojan in exchange for $25 / €23. The low price and easy access to the Trojan led to its immediate worldwide spreading.
NanoCore Targeted Attacks
The Trojan has been noticed to aim at energy companies in the Middle East and Asia. As reported by security specialists, the attackers first proceeded by impersonating the address of a legit oil organization in South Korea, adding credibility to the bogus message. The files used to employ the attack are usually RTF or Word.
The exploited vulnerability – CVE-2012-0158 in Microsoft Windows Common Controls – has been known for quite some time. Software specialists note that the bug is present in a bundle of older products.
NanoCore Global Negative Impact
Experts have declared that the NanoCore last version is also suitable for less-experienced cybercriminals – it’s easy to find and cheap to buy. The Trojan proves to be a real kick for the career of every youngster wishing to develop malware. Researchers have also released information about the countries affected by the malicious attack. The highest rate of attacks is found in the United States, followed by Canada, Singapore, India, UK, and Hong Kong. Other targeted countries are Japan, Australia, United Arab Emirates, and Nigeria.
Spy Hunter system scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the malware tool. Find Out More About SpyHunter Anti-Malware Tool