A malspam campaign has been discovered distributing the NanoCore RAT, a Remote Access Trojan that hides its presence for a long time by disabling the operation of an updated antivirus program. It generates fake alerts to trick users into installing what appears to be the latest version of application software or virus protection software, while dropping harmful payloads in the registry. The payloads are executed the next time the user boots the system.
Many malspam campaigns have been reported dropping the NanoCore RAT via MS Office documents, archives, etc. However, user action (clicking on attachments) is required for the infection to succeed.
Unauthorized Remote Access
Indicators of Compromise
IP(s) / Hostname(s)
Malware Hash (MD5/SHA1/SHA256)