JanelaRAT, a modified BX RAT, is actively targeting banks and financial institutions in Latin America, particularly Brazil and Mexico, to steal banking and cryptocurrency data while monitoring user activity and manipulating the browser. The multi-stage infection chain has used ZIP archives carrying VBScript droppers and, more recently, rogue MSI installers that run the payload through DLL side-loading. A malicious Chromium extension and operator-driven C2 commands capture screenshots and keystrokes and deploy interactive overlays on banking sessions to harvest credentials. #JanelaRAT #BXRAT
Keypoints
- JanelaRAT primarily targets banks and financial institutions in Brazil, Mexico, Chile, and Colombia.
- The campaign shifted from VBScript droppers delivered in ZIP archives to rogue MSI installers that launch and persist the payload through DLL side-loading.
- A malicious Chromium extension is installed to collect cookies, browsing history, and tab metadata, and to trigger actions when the user visits matched URLs.
- The malware watches the active window title for targeted banks, opens a dedicated C2 channel after a delay, and tracks user activity to time its operations.
- Capabilities include screenshots, exfiltration of cropped screen regions, keystroke capture, input injection, theft of system metadata, and anti-analysis checks.
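A quick triage check for the extension behaviour described in the keypoints (cookie, history and tab collection plus actions on matched URLs), as an added example that is not code from the article or from any JanelaRAT sample. It walks a Chromium profile's `Extensions` directory, reads each `manifest.json`, and flags extensions that combine the sensitive permission set with all-URL host access or an all-URL content script. The manifests embedded below are constructed for illustration; the extension name, permission list and profile paths are assumptions, not indicators from the report.

```python
"""Triage Chromium extension manifests for the permission profile a
browser-stealer extension needs.  Example code added to this summary; not from
the article or from JanelaRAT.  SAMPLE_MANIFEST / BENIGN_MANIFEST are constructed."""
import json
import os
from typing import Dict, List

# Permissions that, combined, let an extension read session cookies, browsing
# history and tab metadata and act on requests to matched URLs.
SENSITIVE_PERMISSIONS = {"cookies", "history", "tabs", "webRequest",
                         "webRequestBlocking", "webNavigation", "scripting"}

# Host patterns that grant access to every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed manifest with the traits described in the keypoints.
SAMPLE_MANIFEST = {
    "manifest_version": 3,
    "name": "Bank Helper",  # hypothetical name, not a real IOC
    "version": "1.0",
    "permissions": ["cookies", "history", "tabs", "webRequest", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
}

# Constructed manifest of a store-installed, narrowly scoped extension.
BENIGN_MANIFEST = {
    "manifest_version": 3,
    "name": "Example Notes",
    "version": "2.3",
    "permissions": ["storage"],
    "host_permissions": ["https://example.com/*"],
    "update_url": "https://clients2.google.com/service/update2/crx",
}


def risk_findings(manifest: Dict) -> List[str]:
    """Return the risky traits found in one manifest (empty list == clean)."""
    findings: List[str] = []
    perms = set(manifest.get("permissions", []))
    # MV2 puts host patterns in "permissions"; MV3 uses "host_permissions".
    hosts = set(manifest.get("host_permissions", [])) | {
        p for p in perms if "://" in p or p == "<all_urls>"}
    hit = sorted(perms & SENSITIVE_PERMISSIONS)
    if hit:
        findings.append("sensitive permissions: " + ", ".join(hit))
    broad = sorted(hosts & BROAD_HOSTS)
    if broad:
        findings.append("broad host access: " + ", ".join(broad))
    # A content script matched on every URL is how an overlay or keylogger
    # reaches the banking page.
    for cs in manifest.get("content_scripts", []):
        if set(cs.get("matches", [])) & BROAD_HOSTS:
            findings.append("content script on all URLs: "
                            + ", ".join(cs.get("js", [])))
    # Web Store installs carry an update_url; side-loaded/unpacked ones do not.
    if not manifest.get("update_url"):
        findings.append("no update_url (not installed from a store)")
    return findings


def is_suspicious(findings: List[str]) -> bool:
    """Sensitive permissions alone are common; require broad reach as well."""
    return (any(f.startswith("sensitive") for f in findings)
            and any(f.startswith(("broad", "content")) for f in findings))


def scan_profile(profile_dir: str) -> Dict[str, List[str]]:
    """Return {'<ext_id>/<version>': findings} for suspicious extensions in a profile."""
    results: Dict[str, List[str]] = {}
    ext_root = os.path.join(profile_dir, "Extensions")
    if not os.path.isdir(ext_root):
        return results
    for ext_id in os.listdir(ext_root):
        ext_dir = os.path.join(ext_root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in os.listdir(ext_dir):
            path = os.path.join(ext_dir, version, "manifest.json")
            if not os.path.isfile(path):
                continue
            try:
                with open(path, encoding="utf-8") as fh:
                    manifest = json.load(fh)
            except (OSError, ValueError):
                continue  # unreadable or malformed manifest; skip, don't crash
            findings = risk_findings(manifest)
            if is_suspicious(findings):
                results[f"{ext_id}/{version}"] = findings
    return results


def default_profile_dirs() -> List[str]:
    """Default Chrome profile locations (assumed standard install paths)."""
    home = os.path.expanduser("~")
    return [
        os.path.join(os.environ.get("LOCALAPPDATA", ""), "Google", "Chrome",
                     "User Data", "Default"),
        os.path.join(home, ".config", "google-chrome", "Default"),
        os.path.join(home, "Library", "Application Support", "Google",
                     "Chrome", "Default"),
    ]


if __name__ == "__main__":
    print("constructed sample:", risk_findings(SAMPLE_MANIFEST))
    for profile in default_profile_dirs():
        for key, findings in scan_profile(profile).items():
            print(profile, key, findings)
```

Treat a hit as a lead, not a verdict: legitimate password managers and ad blockers also request cookies, tabs and all-URL access, so compare flagged extension IDs against the organisation's approved list and inspect the content script before acting.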
Read More: https://thehackernews.com/2026/04/janelarat-malware-targets-latin.html