Skip to main content

Home Bandook


Also known as: Bandok

Category: Malware

Type: Remote access trojan, password-stealing virus, banking malware, spyware

Platform: Windows

Variants: PDF file, portable executable file

Damage potential: Stolen credentials and banking information, identity theft, financial loss, future payloads


Bandook, or Bandok, is a remote access trojan (RAT) first detected in 2007 and it has made a comeback recently. Bandook is capable of stealing sensitive information from infected devices by recording keystrokes, audio, and video without the user’s knowledge. Cybercriminals can then use this information to access email or online banking accounts, make transactions, or spread malware.

Possible symptoms

Bandook operates stealthily, so you may not notice anything until you see something suspicious in your accounts. More subtle signs of infection are the following:

  • Sluggish computer performance.
  • Unusual network activity.
  • Unexpected pop-ups.

Sources of the infection

Phishing emails are the primary source of a Bandook infection. When you click on a .doc or PDF file with an embedded malicious code, you might unknowingly install Bandook onto your device. Similarly, downloads from unofficial sources or peer-to-peer networks might have Bandook in their setup and infect devices.


Good cybersecurity practices are essential to protect yourself from Bandook and similar threats.

  • Keep your operating system and all software updated.
  • Avoid downloading files or clicking on links from unknown sources.
  • Use NordVPN’s Threat Protection to scan downloads and block malware-hosting websites.
  • Install reliable antivirus software.
  • Enable two-factor authentication (2FA) on online services to prevent cybercriminals from using your accounts, even if they have your login credentials.
  • Regularly backup important data to an external source.


If you suspect your device might be infected, you should act promptly:

  • Disconnect your device from the internet.
  • Run a full system scan using a trusted antivirus software.
  • Follow the instructions of your antivirus software to isolate and remove the malware.
  • After removal, change all passwords and check your accounts for suspicious activity.