NanoCore - What it is, warning signs, and how to remove and prevent this RAT

NanoCore

What it is

NanoCore is a remote access trojan (RAT) used by criminals to spy on victims, steal data, and control Windows PCs from afar. It can log keystrokes, grab screenshots, record from the webcam or mic, and drop more malware. Technical details and IOCs are in our NanoCore overview for defenders.

How it spreads - quick tour

  • Phishing emails with booby-trapped attachments

  • Fake installers, cracks, and “updates” from shady sites

  • Malicious links that fetch a small loader which then pulls NanoCore

What you may notice

  • New startup tasks or services you did not create

  • Webcam or mic activity lights at odd times

  • High network use when idle or connections to unknown hosts

  • Browser redirects or new extensions appearing

Remove it now

  1. Disconnect from the internet to cut remote control.

  2. Run a full anti-malware scan, reboot, then scan again.

  3. Check startup items, scheduled tasks, services, and proxies - remove unknowns.

  4. From a clean device, change passwords and enable MFA on email, banking, and cloud.

  5. Review recent downloads and uninstall suspicious apps or add-ons.
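Step 3 can be done by hand, but a read-only listing makes unknown entries easier to spot. The PowerShell script below is an added example, not part of the original article: the helper name Get-SigStatus is hypothetical, and the filters (tasks outside \Microsoft\, auto-start services outside the Windows folder) are triage shortcuts assumed here, not a complete check.

```powershell
# Read-only triage for step 3: lists startup items, scheduled tasks,
# services and proxy settings for manual review. It changes nothing.

# Hypothetical helper: Authenticode status of the executable in a command line.
function Get-SigStatus([string]$CommandLine) {
    $exe = $null
    if ($CommandLine -match '^\s*"([^"]+)"') { $exe = $Matches[1] }       # quoted path
    elseif ($CommandLine -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }  # unquoted path
    if (-not $exe) { return 'NoPath' }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { return 'FileNotFound' }
    return (Get-AuthenticodeSignature -LiteralPath $exe).Status
}

'--- Startup items (Run keys and Startup folders) ---'
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, User, Location, Command,
        @{ n = 'Signature'; e = { Get-SigStatus $_.Command } } |
    Format-List

'--- Scheduled tasks outside \Microsoft\ (assumed filter) ---'
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        foreach ($action in $_.Actions) {
            [pscustomobject]@{
                Task  = $_.TaskPath + $_.TaskName
                State = $_.State
                Runs  = "$($action.Execute) $($action.Arguments)"
            }
        }
    } | Format-List

'--- Auto-start services outside the Windows folder (assumed filter) ---'
Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -and
                   $_.PathName -notlike "*$env:SystemRoot\*" } |
    Select-Object Name, State, StartName, PathName,
        @{ n = 'Signature'; e = { Get-SigStatus $_.PathName } } |
    Format-List

'--- Proxy settings (current user, then system-wide WinHTTP) ---'
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL | Format-List
netsh winhttp show proxy
```

Run it from an elevated PowerShell prompt so all tasks and services are visible. Entries that are unsigned, point to a missing file, or run from user-writable folders such as AppData or Temp deserve a closer look before removal.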

Prevent it

  • Install software only from official sources - avoid cracks and repacks.

  • Keep Windows, browsers, and Office updated - block macros by default.

  • Use reputable EDR or anti-malware plus DNS or web filtering.

  • Be cautious with email attachments and links - verify out of band before opening.
