What is NanoCore? Developer of the nasty data-stealing RAT sentenced to 33 months in prison
The RAT has been used in multiple phishing campaigns targeting energy companies in Asia and the Middle East
The author of the notorious remote access Trojan NanoCore has been sentenced on Friday (23 February) to nearly three years in prison for promoting and selling the malware on the popular hacking site HackForum between 2012 and 2016. Taylor Huddleston, 27, of Hot Springs, Arkansas, pleaded guilty in July 2017 to aiding and abetting computer crime by selling malicious software to hackers who then used it to steal data, surreptitiously turn on webcams and perform other nefarious functions.
Huddleston, who went by the moniker Aeonhack, developed and advertised NanoCore on the dark web for just $25 (£18) that was eventually used to infect and attempt to infect over 100,000 computers.
NanoCore came with an array of dubious functions including keylogging that allowed hackers to record every keystroke made and the ability to steal passwords and personal data such as login details, banking credentials and conversations. It could also remotely view, modify and delete documents on the system and stealthily activate victims' webcams to spy on them as well.
The malware also supported a plugin system allowing it to function as a ransomware by locking infected computers until the victim paid up or use the infected system as a stressor or booter to launch distributed denial-of-service (DDoS) attacks.
His other product called "Net Seal" - a licensing software tool - was also popular among the hacking community and was used to secure the malicious malware they distributed against pirates. One of his customers was fellow HackForum user Zachary Shames - the creator of the Limitless keylogger who went on to sell copies of his software to 3000 people and infect 16,000 computers across the globe.
Huddleston initially claimed that his products were legitimate tools used by administrators to manage their networks. His attorney also claimed that his client should not be held responsible for the illegal actions of his customers.
However, he later admitted in a statement of facts signed by him in July 2017 that he intended his creations to be used maliciously.
Since the first cracked version of NanoCore was leaked in December 2013, the RAT has been used in multiple phishing campaigns targeting energy companies in Asia and the Middle East as well a massive spear-phishing scheme targeting at least 6000 computers in Norfolk, Virginia in August 2016. It was also used to target gamers on Steam.
He later sold ownership of NanoCore to a third-party in 2016.
Huddleston faced a maximum prison sentence of ten years, but the court sentenced him to 33 months instead.