Bandook

Damage potential: Stolen credentials and banking information, identity theft, financial loss, future payloads

Overview

Bandook, or Bandok, is a remote access trojan (RAT) first detected in 2007 and it has made a comeback recently. Bandook is capable of stealing sensitive information from infected devices by recording keystrokes, audio, and video without the user’s knowledge. Cybercriminals can then use this information to access email or online banking accounts, make transactions, or spread malware.

Possible symptoms

Bandook operates stealthily, so you may not notice anything until you see something suspicious in your accounts. More subtle signs of infection are the following:

• Sluggish computer performance.

• Unusual network activity.

• Unexpected pop-ups.

Sources of the infection

Phishing emails are the primary source of a Bandook infection. When you click on a .doc or PDF file with an embedded malicious code, you might unknowingly install Bandook onto your device. Similarly, downloads from unofficial sources or peer-to-peer networks might have Bandook in their setup and infect devices.

Protection

Good cybersecurity practices are essential to protect yourself from Bandook and similar threats.

• Keep your operating system and all software updated.

• Avoid downloading files or clicking on links from unknown sources.

• Use NordVPN’s Threat Protection to scan downloads and block malware-hosting websites.

• Install reliable antivirus software.

• Enable two-factor authentication (2FA) on online services to prevent cybercriminals from using your accounts, even if they have your login credentials.

• Regularly backup important data to an external source.