Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content



Also known as: Jupyter, Mars, Uranus, Yellow Cockatoo, Polazert

Category: Malware

Type: Trojan

Platforms affected: Windows

Variants: Trojan: W32/Nitol.A

Damage potential: Depleting resources by mining cryptocurrency, data theft, downloading and executing additional malware, spreading to other systems, adding the device to a botnet for DDoS attacks.


Nitol is mostly used to add devices to a botnet and use it for distributed denial-of-service (DDoS) attacks. It also allows attackers to access and control a device, steal the data that’s stored on it, and download and execute other malicious files.

When it enters a device and is executed, Nitol first runs a check to see if it is not on a virtual machine and is suitable for infection. If it is suitable, Nitol lays dormant for a while to avoid detection, and then replicates itself as either an EXE or DLL file with a randomly generated six-character filename.

Nitol gathers the device’s data — geolocation, system name, processor speed, RAM size, and operating system type and version — and sends it back to the command and control server. Nitol can manipulate the system by restarting or shutting it down and can force-open the browser.

Possible symptoms

  • Unusual system behavior, like unexpected restarts or shutdowns.

  • Slower device performance or reduced internet speed.

  • Unknown processes or applications showing up in the Task Manager.

  • Unauthorized changes to the device’s settings or system files.

  • The web browser opens automatically.

Sources of infection

Cybercriminals can infect your device with Nitol in a few different ways:

  • By exploiting vulnerabilities in outdated software on your device.

  • By using other malware to download Nitol to your device.

  • By sending out phishing emails with malicious attachments or dangerous links.

  • Through drive-by downloads from compromised or malicious websites.

  • By disguising the trojan as legitimate software that people download and execute themselves.

  • Through removable media, like USB sticks and external hard drives that are already infected with the Nitol malware.


The best way to protect from Nitol is to ensure that the trojan doesn’t enter your device in the first place. So be careful when you get unsolicited emails, especially if they have files or links attached. You can use NordVPN’s Threat Protection to make your browsing safer and help you avoid malware like Nitol. It will block your access to malicious websites and scan the files you’re downloading and delete them if malware is found. It will also notify you if any of the software on your device has vulnerabilities so you can update it immediately.

Here are some more things you can do:

  • Regularly update your software and operating system to close security loopholes.

  • Educate yourself on recognizing phishing attempts and learn about safe browsing practices.

  • Only download software from official app stores and developers’ websites.

  • Don’t connect unknown data storage devices to your computer.

  • Make sure to back up your most sensitive data every few months.

Nitol removal

  • Disconnect infected devices from the internet to stop malware from communicating with its control center.

  • Use an updated and reputable paid antivirus software to scan your device and remove malicious components.

  • Manually check for and remove unrecognized services or processes. You may need to seek professional help for this step.

  • Consider doing a full system restoration — delete everything on your device, restore factory settings, and start fresh.

  • After removal, change passwords and review security settings to prevent reinfection.

Ultimate digital security