First identified in late 2024, NonEuclid is an advanced Remote Access Trojan (RAT) specifically designed to target Windows systems. Actively promoted on underground channels such as Discord and YouTube, it is distributed through spear-phishing campaigns and the exploitation of software vulnerabilities, making it a versatile and highly effective tool for cybercriminals.
What sets NonEuclid apart is its ability to evade robust security measures, including the Anti-Malware Scan Interface (AMSI) and User Account Control (UAC). This capability enables a range of malicious activities, including data exfiltration, keylogging, and ransomware attacks. The sophisticated nature of this malware is a significant threat to both individuals and organisations, underscoring the critical need for proactive and layered cybersecurity defences. Because of its advanced evasion techniques, NonEuclid poses a critical risk to organisations relying solely on Microsoft Defender for endpoint security.
While Microsoft Defender provides baseline protection, its effectiveness can be undermined by NonEuclid's ability to bypass key defences such as AMSI and UAC. This leaves endpoints vulnerable to data exfiltration, keylogging, and ransomware attacks, potentially leading to significant financial and reputational damage.
To mitigate these risks, organisations must adopt a multi-layered security approach that combines robust endpoint detection and response (EDR) solutions with proactive threat hunting, behavioural analysis, and continuous monitoring to stay ahead of sophisticated threats like NonEuclid.