A new version of a powerful form of trojan malware is being offered on the dark web for free, with one cybersecurity company warning this could lead to a rise in attacks targeting passwords, bank details and other personal information, even by crooks with limited technical skills.
NanoCore RAT (Remote Access Trojan) first emerged in 2013 and continues to cause trouble for victims. Criminals could buy the malware for as little as $25, but versions of the software have also been leaked online throughout its development and now a new variant with additional, more dangerous, capabilities is being shared for free on a dark web forum.
Uncovered by security researchers at LMNTRIX Labs, NanoCore v1.2.2 offers users a variety of attacks against Windows systems, including the ability to steal passwords, perform keylogging and secretly record audio and video footage using the webcam.
SEE: 10 tips for new cybersecurity pros (free PDF)
To avoid detection while using the webcam, NanoCore disables the light which would usually demonstrate that it is recording.
Other capabilities include the ability to remotely shutdown or restart the machine, as well as the ability to remotely control the mouse, open web pages and more: ultimately, it provides an attacker with the ability to use the machine as if it was their own and exploit it for the criminal purpose of stealing personal information, passwords and payment details.
Like many other hacking campaigns, NanoCore is mainly distributed with email phishing attacks: researchers note that many of the current campaigns distributing the malware are designed to look like invoices or purchase orders with attachment names designed to provoke victims into clicking.
Those operating NanoCore campaigns are provided with a user-friendly interface to help manage their activity – and make it simpler for low-level attackers to conduct attacks.
"Malware authors today tend to favour easy-to-use interfaces as it helps them write and update code, as well as use the RAT more efficiently. This simple interface also lowers the barrier for entry for any prospective hackers, so even amateurs can launch an attack," Arannya Mukerjee, senior threat researcher at LMNTRIX Labs told ZDNet.
"Anytime an exploit kit or RAT kit is made available for free, it leads to an explosion of campaigns using the malware. We certainly expect to see more spin-off versions of the NanoCore RAT in the future, and predict most newer versions would continue to be tailored to amateur hackers," he added.
Many forms of free malware look to exploit common security vulnerabilities – some of which are years old – so one of the best ways to ensure you don't fall victim to campaigns is to ensure your operating systems and applications are patched and up to date.
MORE ON CYBER CRIME
- How cybercriminals are still snaring victims using seven-year-old malware
- 7 security tips to keep people and apps from stealing your data CNET
- These are the most common types of phishing emails reaching your inbox
- Cybersecurity: Malware lingers in SMBs for an average of 800 days before discovery TechRepublic
- This phishing campaign uses an odd tactic to infect Windows PCs with two forms of trojan malware