The developer of NanoCore RAT (remote access Trojan) has been sentenced to 33 months (2.75 years) in prison for promoting and selling the malware on a popular hacking forum HackForums between 2012 to 2016. The 27-year-old Taylor Huddleston (“Aeonhack” on HackForums) of Hot Springs, Arkansas was arrested in March 2017 and pleaded guilty in July to developing NanoCore malware and admitting that he intended the product to be used maliciously.
NanoCore malware was first identified in 2013 and extensively sold on the dark web for just US$25 and initially targeting energy sectors around the world including the United States and Canada. However, later NanoCore was also found targeting gaming users on Steam.
According to court documents [PDF], NanoCore malware worked as a keylogger allowing attackers to record each and every keystore, stole password, turned on webcam and spy on target remotely, secretly view, modify or delete documents on the system, it also worked as a ransomware by locking user files and asking for ransom and used the infected system as stresser or booter to launch distributed denial-of-service (DDoS) attacks.
Huddleston also developed a licensing software “Net Seal” which he used to make a profit by selling it to other software developers, some of whom used Net Seal to distribute their own malicious software. By developing and selling Net Seal, Huddleston assisted in the distribution of that malicious software.
He used PayPal to accept payments for Net Seal deals; offering users to distribute (either malicious software or other software) to 50 PCs. In return, Huddleston received thousands of payments via PayPal from Net Seal customers.
“By developing NanoCore and distributing it to hundreds of people, some of whom he knew intended to use it for malicious purposes, Huddleston knowingly and intentionally aided and abetted thousands of unlawful computer intrusions and attempted unlawful computer intrusions, including intrusions and attempted intrusions that occurred within the Eastern District of Virginia… Huddleston agrees the evidence would show that NanoCore was used in a massive “spear phishing” scheme designed to infect and attempt to infect thousands of victim computers, including computers within the Eastern District of Virginia,” revealed court documents.
Huddleston also worked with 21-year old hacker Zachary Shames (another HackForum user) of from Great Falls, Virginia and the creator of Limitless keylogger (Limitless Keylogger Pro). Huddleston provided him access to Net Seal which allowed Shames to distribute Limitless keylogger and target unsuspecting users. The keylogger stole personal data from the system including passwords, conversations, login data, banking credentials and recorded keystrokes.
In total, Limitless keylogger was sold to over 3,000 people and infected 16,000 devices worldwide. In return, Shames made approximately one thousand payments to Huddleston via PayPal. However, Shames was arrested in January 2017 which also led to the arrest of Huddleston.
“Mr. Huddleston understands and accepts that he broke the law by marketing… NanoCore on a website frequented by users who would likely use the programs for malicious purposes. Mr. Huddleston knows that he has no one to blame but himself, and is prepared to serve the sentence this Court finds appropriate. His actions before and after his arrest illustrate his sincere remorse and dedication to using his talents to benefit society and make amends for his illegal conduct.”
Huddleston was facing 10 years in prison but U.S. District Judge Liam O’Grady on Friday has sentenced him to 2.75 years.