Also known as: Backdoor:W32/Padodor.W, Backdoor.Win32.Padodor.w.
Damage potential: Data destruction, theft, and exfiltration, espionage and surveillance, installation of additional malware, system manipulation and control, further propagation and spreading to other devices, ransomware deployment, botnet formation, disruption of services.
Padodor is Russian malware designed to steal private data, such as credit card information and user credentials, by giving attackers remote access to a compromised system. First detected in 2004, this piece of malware can disable or bypass security programs and is sometimes used as a basis for developing other types of malware, such as trojans.
Padodor is capable of disabling antivirus software and other security programs. If your system prompts you to turn your antivirus on, this may be a sign that a malicious program has disabled it.
Other Padodor symptoms include:
Unfamiliar website traffic. RATs (remote access tools) need to connect to their command and control servers, so you’re likely to notice unknown outbound connections.
Unauthorized processes. Check your Task Manager for processes you don’t recognize, and look for unfamiliar icons on your desktop.
Slower system performance. Cybercriminals often use networks of compromised devices in coordinated attacks. If your device is infected, you will likely experience a significant drop in performance.
Sources of the infection
Padodor spreads using the same methods as other common malware, such as:
Emails containing phishing links or attachments.
Malicious links sent to contacts of a compromised social media account.
Pirated software and shady software update websites.
Malvertising, or malicious ads, which can infect your device even if you don’t click on them.
In attacks against high-value targets, criminals can also search for known software exploits.
Cyber researchers have known about Padodor for two decades, so it’s important to keep your system up to date to improve the chances that your antivirus will detect the malware. But you can never be sure. That’s why preventing Padodor largely comes down to general cybersecurity advice like avoiding unknown links, using only official sources to download software, and using NordVPN’s Threat Protection, which scans files before they’re downloaded to your device.
If you suspect that Padodor, or any other malware, has slipped past your antivirus, it’s best to check if your antivirus has the latest updates and run a full scan of the system. Make sure to disconnect your computer from the internet first. If that doesn’t help, you may need to run a full system wipe.