Jump to content

Is there any defense against nanocore


Recommended Posts

From 2009 thru 2018 had no problems. Then Mar 2018 there was bank alert. Someone had written himself a grand on my account. My isp is Comcast and this is the worst. This jerk has endangered my life (no phone), interfered with my wife who is in a nursing home. Today I went to watchnPLEX, sign-in simple. But this jerk added background apps, and took it on himself to tell me my sign in was unsuccessful. Which was harassment

 No, there is some kind of software that allows this dude to interfere with my life and equipment.

I almost popped a vessel because this just angered me.

I rely on Eset and learning. I thought it could block jerks but apparently I have to switch to MacOsX or Linux.


Link to comment
Share on other sites

  • Administrators

The Nanocore trojan is detected like any other malware. Do you mean that an attacker logged into your machine, installed some applications and took over your "plex" account?

As for switching to Mac OS or Linux, while these are not as common target of malware as Windows, they are not immune to malware either.

Link to comment
Share on other sites

First some details on Nanacore:


The NanoCore remote access Trojan (RAT) was first discovered in 2013 when it was being sold in underground forums. The malware has a variety of functions such as keylogger, a password stealer which can remotely pass along data to the malware operator. It also has the ability to tamper and view footage from webcams, screen locking, downloading and theft of files, and more.

The current NanoCore RAT is now being spread through malspam campaign which utilizes social engineering in which the email contains fake bank payment receipt and request for quotation. The emails also contain malicious attachments with .img or .iso extension. The .img and .iso files are used by disk image files to store raw dumps of either magnetic disk or optical disc. Another version of NanoCore is also distributed in phishing campaigns leveraging specially-crafted ZIP file which is designed to bypass secure email gateways. The malicious ZIP file can be extracted by certain versions of PowerArchiver, WinRar, and older 7-Zip. The stolen information is sent to the command and control (C&C) servers of the malware attacker.


If you were using Eset Internet or Smart Security and accessing your bank's web site via Banking & Payment Protection option, your keystrokes would have been scrambled rendering keystroke capture ineffective against any installed keylogger.

Additionally both the above products scan incoming client-based e-mail for malware. Do note that when using web-based e-mail, caution should be exercised in how attachments are handled. Many will auto open attachments and show those inline with the body of the e-mail.

I would also recommend to use a bank that employs full two-factor authorization. That is when you logon to the bank's web site, it sends a code to a designated phone number you previously setup with the bank. The code has a one time use and must be entered to complete the bank web site logon. This ensures that even if an attacker captured your bank site logon id and password, he still can't access your bank account data.

Edited by itman
Link to comment
Share on other sites

  • Most Valued Members

Are you implying this virus has been active since 2018 on your system? I mention this as it is now 2020. Has eset been installed all the time? 

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...