
New Financial Malware 'JanelaRAT' Targets Latin American Banks and Crypto Users

Last updated: 2026-05-04 19:58:59 · Finance & Crypto

Breaking: JanelaRAT Malware Campaigns Surge Across Latin America

A remote access trojan named JanelaRAT is actively stealing banking and cryptocurrency data from users in Latin America, according to new threat intelligence released today. The malware, operational since June 2023, targets credentials and session data for major banks and financial institutions in the region. Kaspersky experts warn that the threat actors behind JanelaRAT are continuously updating their tooling and infection chain.

New Financial Malware 'JanelaRAT' Targets Latin American Banks and Crypto Users
Source: securelist.com

Background

JanelaRAT takes its name from the Portuguese word for 'window,' a nod to its window-title detection mechanism: it watches the titles of the victim's open browser windows and, when one matches a targeted banking or crypto site, carries out its malicious actions against that session. This targeting logic sets it apart from its predecessor, BX RAT. Kaspersky solutions detect JanelaRAT as Trojan.Script.Generic and Backdoor.MSIL.Agent.gen.

Infection Chain: From Fake Invoice to Full Compromise

Initial infection begins with a phishing email posing as a pending invoice, which tricks the recipient into clicking a link to a compromised website. From there, a compressed file is downloaded, typically containing VBScripts, XML files, ZIP archives, and BAT files. These stages ultimately fetch a ZIP archive built for DLL sideloading: a legitimate executable is run from the archive and loads the malicious DLL placed beside it, deploying JanelaRAT as the final payload.

'The attackers are constantly evolving to evade detection,' said a Kaspersky security researcher. In the latest campaigns, the infection chain has evolved to integrate MSI files, which act as a streamlined dropper. 'We are seeing a logical progression where the number of installation steps is reduced, making the attack quicker and harder to trace,' the researcher added.


Initial Dropper and Persistence

The MSI file acts as the initial dropper, obfuscating file paths and names to hinder analysis. It uses ActiveX objects to write files, run commands, and establish persistence on the infected system. The dropper creates shortcuts in the user's Startup folder and stores a first-run marker so that it does not reinstall itself on a machine it has already infected.

What This Means

Users in Latin America face an elevated risk of financial theft from these targeted attacks. Because the operators change the infection chain frequently, defenses tuned to an earlier variant may miss the next one. Experts urge strong anti-malware solutions, caution against clicking links in unexpected invoice emails, and verification of invoice requests through official channels. 'Vigilance is key,' the Kaspersky researcher emphasized. 'Organizations should also monitor for unusual DLL sideloading activity.'