Also known as: PUA:Win32/Puwaders
Category: Potentially unwanted application (PUA), malware
Type: Can act as remote access trojan, password-stealing virus, banking malware, spyware
Platform: Windows
Variants: PDF file, portable executable file, other executable or script-based methods.
Damage potential: Can result in stolen credentials and banking information, identity theft, financial loss, future payloads.
Overview
Puwaders, or PUA:Win32/Puwaders, is a detection name that Microsoft Defender Antivirus uses to label potentially unwanted applications. Puwaders can range from relatively harmless cyber threats (such as non-malicious downloads or intrusive ads) to malware capable of stealing sensitive information from infected devices by recording keystrokes, audio, and video without the user’s knowledge.
Possible symptoms
Puwaders often operates stealthily, so you may not notice anything until you see something suspicious in your accounts. More subtle signs of infection include:
- Sluggish computer performance.
- Unusual network activity.
- Unexpected pop-ups.
- Unauthorized account activity.
- New or suspicious programs.
- Changes to system settings.
- Unusual error messages.
Sources of the infection
Phishing emails, compromised websites, and downloads from unofficial sources are the common sources of a Puwaders infection. In addition, users may get Puwaders onto their system by installing fake updates or software installers that come bundled with unknown software.
Protection
Good cybersecurity practices are essential to protect yourself from Puwaders and similar threats.
- Keep your operating system and all software updated.
- Avoid downloading files or clicking on links from unknown sources.
- Use NordVPN’s Threat Protection Pro™ to scan downloads and block malware-hosting websites.
- Install reliable antivirus software.
- Enable two-factor authentication (2FA) on online services to prevent cybercriminals from using your accounts, even if they have your login credentials.
- Regularly back up important data to an external source.
Removal
If you suspect your device might be infected, you should act promptly:
- Disconnect your device from the internet.
- Boot into safe mode and run a full system scan using trusted antivirus software.
- Follow the instructions of your antivirus software to isolate and remove the malware.
- After removal, change all passwords and check your accounts for suspicious activity.
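Because the detection name comes from Microsoft Defender Antivirus, the scan-and-remove steps above can be driven from Defender's own PowerShell cmdlets. The script below is an added example, not part of the original page; the `*Puwaders*` wildcard and the report column names are assumptions chosen for illustration, and it must be run from an elevated PowerShell session.

```powershell
# Added example: triage Microsoft Defender Antivirus for the detection name on this page.
# Assumption: the wildcard below matches the ThreatName Defender recorded on this machine.
$pattern = '*Puwaders*'

# 1. Check whether PUA protection is on: 0 = disabled, 1 = enabled (block), 2 = audit only.
$pua = (Get-MpPreference).PUAProtection
Write-Output "PUAProtection setting: $pua"
if ($pua -ne 1) {
    # Turn on blocking so future PUA detections are quarantined, not just logged.
    Set-MpPreference -PUAProtection Enabled
}

# 2. Find threat-history entries whose name matches the detection.
$threats = @(Get-MpThreat | Where-Object { $_.ThreatName -like $pattern })
Write-Output "Matching threat entries: $($threats.Count)"

# 3. Join each entry with its detection records to see when, where and
#    through which process the file was found.
$ids = $threats.ThreatID
$report = Get-MpThreatDetection |
    Where-Object { $ids -contains $_.ThreatID } |
    ForEach-Object {
        $d = $_
        [pscustomobject]@{
            ThreatName      = ($threats | Where-Object ThreatID -eq $d.ThreatID).ThreatName
            Detected        = $d.InitialDetectionTime
            Process         = $d.ProcessName
            Resources       = $d.Resources -join '; '
            ActionSucceeded = $d.ActionSuccess
        }
    }
$report | Sort-Object Detected | Format-List

# 4. Run the full scan from the removal steps, then remove any active threats.
Start-MpScan -ScanType FullScan
Remove-MpThreat
```

The `Resources` column lists the file paths Defender flagged, which helps identify the bundled installer or download that introduced the application.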