


Also known as: Sakurel, VIPER

Category: Malware

Type: Trojan

Platform: Windows

Variants: INOCNATION campaign, Ironman campaign

Damage potential: Remote device access and control, additional malware download and installation, data theft, surveillance, and financial loss.


Sakula is a remote access trojan (RAT), a type of malware that attackers use to compromise and remotely control devices. Some of its variants are digitally signed, which can let them bypass security controls. Although relatively simple, Sakula is an effective trojan that may cause serious harm, from data theft to financial loss.

Possible symptoms

Sakula is stealthy malware. Once it infects a device, it tries to avoid detection by antivirus programs. However, like other RAT infections, a Sakula infection may have some subtle signs, such as:

  • Unusual network activity (such as high traffic).

  • Unexpected pop-ups, alerts, or notifications.

  • Changes in your system settings.

  • Unfamiliar processes running in the Task Manager.

  • Unauthorized access (e.g., the mouse cursor moving on its own).

  • Antivirus security warnings.

Sources of infection

Sakula can spread in many ways, often through phishing emails and malicious attachments.

  • Phishing emails. Users may download Sakula by clicking a phishing link or opening a malicious attachment.

  • Untrustworthy sources. Sakula may spread via freeware download websites and third-party downloaders.

  • Unsafe USB drives. Cybercriminals may spread Sakula via infected USB drives, external hard drives, or other removable media.

  • Drive-by downloads. Sakula may also spread via compromised sites that automatically download this RAT onto a user’s device.

  • Software vulnerabilities. Some versions of Sakula may exploit security vulnerabilities to infect a device.

  • Malicious downloads. Sakula may sometimes be disguised as legitimate software or be bundled with pirated software.


Protect yourself from Sakula and other RAT infections with the following digital security measures.

  • Beware of scam emails. Sakula may spread via phishing emails. If you get an email that sounds unusually urgent or a little off, don’t interact with it.

  • Update your software. The Sakula RAT may target security vulnerabilities. Always install software updates to protect your devices from the latest threats.

  • Use reliable antivirus software. Protect your devices against Sakula with trustworthy antivirus and anti-malware tools.

  • Download from trusted sources. Sakula may spread via malicious downloads. To avoid accidentally downloading this RAT, get your apps from official sites and app stores.

  • Beware of malvertising. Sometimes, cybercriminals may spread Sakula through malicious advertising. To be safe, avoid clicking on ads and pop-ups.

  • Use multi-factor authentication (MFA). Multi-factor authentication can help protect your accounts even if someone manages to steal your login details.

  • Browse sensibly. Cybercriminals may create fake websites that look legitimate to spread Sakula and other RATs. Before entering any information, make sure a site is legitimate.

  • Use Threat Protection. For a safer online experience, use Threat Protection — NordVPN’s advanced feature that blocks malicious sites, intrusive trackers, and annoying ads. It also checks the files you download for malware.


If you think your device has been infected with Sakula, use your antivirus software to remove the RAT. It’s also important to disconnect from the internet immediately to stop the attackers from accessing your system. If you don’t have much experience with removing malware, it may be worth contacting your IT admin or seeking professional IT guidance if it’s a personal device.
