JanelaRAT: a financial threat targeting users in Latin America

JanelaRAT: a financial threat targeting users in Latin America

JanelaRAT is a malware family that takes its name from the Portuguese word “janela” which means “window”. JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has targeted users since June 2023. One of the key differences between these Trojans is that JanelaRAT uses a custom title bar detection mechanism to identify desired websites in victims’ browsers and perform malicious actions. The threat actors behind JanelaRAT campaigns continuously update the infection chain and malware versions by adding new features. Kaspersky solutions detect this threat as Trojan.Script.Generic and Backdoor.MSIL.Agent.gen. JanelaRAT campaigns involve a multi-stage infection chain. It starts with emails mimicking the delivery of pending invoices to trick victims into downloading a PDF fi

Source: https://securelist.com/janelarat-financial-threat-in-latin-america/119332/