
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

The information provided was classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01, p. 22 and p. 129.

SUMMARY

NanoCore is a modular Remote Access Trojan (RAT) that can be modified to include additional plugins, expanding its functionality and performance based on the user's needs.

NanoCore RAT is a very sophisticated infection that can sneak inside any computer without visible symptoms. Once inside, the malware can initiate various harmful activities, most of which may not be spotted in time, or at least not before major damage or a malfunction has been caused. This method of operation makes NanoCore a particularly harmful Trojan horse, one that uses stealth and disguise to carry out the criminal deeds it has been programmed for.

Normally, such threats are distributed via spam emails and infected attachments, malicious ads and fake pop-ups, misleading links, torrents or infected web pages. Oftentimes, you may find Trojans bundled inside software installers, which could also be potential transmitters of other malware such as ransomware.

A Trojan like NanoCore can be used for partial or total corruption and destruction of the files and software kept on the infected machine. Additionally, the malware may crash and destroy a computer’s system completely, either for the hackers’ entertainment or with some other criminal intention.

With its stealthy infection and distribution methods, a Trojan is a perfect backdoor tool, which can deliver other malware into the computer invisibly. More often, such malware is used to infect systems with ransomware, but other viruses and malicious scripts can be inserted with the same ease. Unfortunately, detecting them can be really difficult without proper antivirus software.

NanoCore, like any other Trojan threat, can easily steal sensitive information from your PC by secretly keeping track of all your activity. Passwords, login credentials, banking details, online profiles, and files could be copied and transmitted to the hackers, who will gain access to all of your information. Needless to say, with this information in their hands, the criminals can blackmail and abuse you in a number of ways.

Turning your computer into a bot that is completely under the control of the hackers is another dreadful ability of Trojans. Such viruses can easily provide full remote access to the entire system and let the criminals manipulate it as they please.

In view of this, netizens must be responsible for periodically checking the processes currently running on their computers. It is also best to install security software that warns when malicious software is detected.

RECOMMENDATION

All PNP personnel as well as the public are advised to follow these tips in order to avoid the risk of NanoCore malware, to wit:

  • Always update the anti-virus software installed on your computer and conduct a regular full scan at least once a week;
  • Do not open e-mail attachments or hyperlinks you receive from an unknown sender, as they might contain malware;
  • Avoid clicking on any links or attachments from unknown senders;
  • Scan the computer with Microsoft Safety Scanner;
  • Back up your files regularly and never pay the ransom; and
  • Be wary when visiting websites and downloading software. Oftentimes the “free” software found online is riddled with malware.

For additional information, please refer to the following websites:

  • https://howtoremove.guide/nanocore-rat/
  • https://www.symantec.com/connect/blogs/nanocore-another-rat-tries-make-it-out-gutter
  • https://krebsonsecurity.com/tag/nanocore-rat/

POINT OF CONTACT

Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru e-mail or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.