Also known as: Bandok
Variants: PDF file, portable executable file
Bandook, or Bandok, is a remote access trojan (RAT) that was first detected in 2007 and has recently made a comeback. Bandook is capable of stealing sensitive information from infected devices by recording keystrokes, audio, and video without the user’s knowledge. Cybercriminals can then use this information to access email or online banking accounts, make transactions, or spread malware.
Bandook operates stealthily, so you may not notice anything until you see something suspicious in your accounts. More subtle signs of infection are the following:
Sluggish computer performance.
Unusual network activity.
Sources of the infection
Phishing emails are the primary source of a Bandook infection. When you click on a .doc or PDF file with embedded malicious code, you might unknowingly install Bandook onto your device. Similarly, downloads from unofficial sources or peer-to-peer networks might include Bandook in their setup files and infect your device.
Good cybersecurity practices are essential to protect yourself from Bandook and similar threats.
Keep your operating system and all software updated.
Avoid downloading files or clicking on links from unknown sources.
Use NordVPN’s Threat Protection to scan downloads and block malware-hosting websites.
Install reliable antivirus software.
Enable two-factor authentication (2FA) on online services to prevent cybercriminals from using your accounts, even if they have your login credentials.
Regularly back up important data to an external source.
If you suspect your device might be infected, you should act promptly:
Disconnect your device from the internet.
Run a full system scan using trusted antivirus software.
Follow the instructions of your antivirus software to isolate and remove the malware.
After removal, change all passwords and check your accounts for suspicious activity.