NanoCore Rat Leaked

New malware that has been developed and leaked is expected to be the cause of more involvement by authorities across the United Kingdom and the United States, following in Blackshades footsteps. Security researchers at┬áSymantec have been following the malware since late 2013 when it was first created. They released information saying that the malware was leaked, and that when leaked, there becomes a huge spike of infections worldwide. The software is called Nanocore, and at one time had capabilities to log keystrokes, password recovery options and other more malicious features. The coder, code named Aeonhack, has since removed these features due to the threat of his software being used for illegal activities. Further investigation of Aeonhack reveals he does not intend for Nanocore rat to be malware, so at some point he either changed his mind about selling malicious software, or he changed Nanocore rat because it was being used maliciously and he didn’t intend for it to be used as such.

Picture below is an updated version of Nanocore Rat, as you can see by the announcement features have been removed to prevent abuse.

Nanocore Rat

Nanocore Rat

This is a statement he has made about his software

Any use of the words “infect”, “slave”, “bot”, “trojan”, “victim”, or “virus” in regards to NanoCore or it’s components will result in all communications being ignored. Furthermore, it is against NanoCore’s Terms of Service and based on the context of the message(s) your license may be terminated.


He also made this statement regarding a comparison of the Nanocore rat to Teamviewer:

The absence of those “features” in NanoCore doesn’t make it malware. TeamViewer has a very different usage case from NanoCore and it makes sense for them to require an ID and password. That being said, I am taking great efforts to discourage and stop malicious use of NanoCore and will continue doing so until I break this perception that it is malware.


Regardless, rumors are flying about police getting involved in another raid. The cracked malware, along with another product dubbed Imminent Monitor 3 appears to be catching the attention of researchers and blackhats all over the internet.