NanoCore is a remote access trojan (RAT) first identified in 2013 and, shortly after, was made available on the Dark Web. The most recent version was released in March 2015 and made available for sale on the open internet for $25, though free "cracked" versions were leaked. NanoCore is a modular trojan that can be modified to include additional plugins, expanding its functionality and performance based on the user's needs. The "NanoCore community" has also developed modules to execute additional functions, such as screen lockers, made available for users to download. NanoCore's ease of use and customization features makes it an attractive option for novices and skilled threat actors alike. As a result, this trojan is used to target victims all around the world, with a majority located in the US, and mainly spread via malicious emails.

NanoCore made headlines in March 2017 after its author, Taylor Huddleston, was arrested and charged with conspiracy and aiding and abetting computer intrusions. Huddleston is not facing charges stemming from his own hacks, but he is facing charges from operations conducted by cybercriminals using his NanoCore RAT.


  • January 2017: NanoCore is not your average RAT. (DigiTrust Group)

  • March 2017: FBI arrests NanoCore author. (TheDailyBeast)

  • July 2017: The author of NanoCore, Taylor Huddleston, has plead guilty to developing the malware, admitting that he intended the product to be used maliciously. (BleepingComputer)

  • January 2019: NanoCore is being delivered through malicious documents using a technique that keeps its process running. (Fortinet)

  • June 2019: NanoCore is being distributed in a malspam campaign using attached ISO image file attachments. (SecurityWeek)

Technical Details

  • Symantec provides technical analysis of the NanoCore RAT, available here.