Run browsers, manage files, and execute commands on a secondary desktop that the primary user cannot see.
Based on the technical profile of (also known as NukeBot), which is a banking Trojan and remote access tool (RAT) that includes a powerful Hidden VNC (HVNC) capability,
Block known C2 patterns and investigate any internal-to-external traffic using non-standard VNC protocols. HVNC - Tinynuke.rar
HVNC allows attackers to create a second, invisible desktop on a victim’s machine, enabling them to bypass security controls and interact with the system without the user's knowledge.
For detailed analysis and source code samples, researchers can refer to the HVNC for C# (TinyNuke) repository on GitHub. Attackers Abusing Various Remote Control Tools - AhnLab Run browsers, manage files, and execute commands on
The HVNC shellcode is typically injected into existing processes (like explorer.exe or browser processes) to maintain a low profile.
Because the actions occur within a legitimate user session, they often bypass standard VNC detection or multi-factor authentication (MFA) prompts that only appear on the active screen. For detailed analysis and source code samples, researchers
Unlike traditional remote desktop tools (like TeamViewer or AnyDesk), TinyNuke’s HVNC creates a hidden desktop session . This allows an operator to: