JanelaRAT Malware Continues to Target Latin American Banks with Extensive Attacks in Brazil

JanelaRAT, a modified variant of the BX RAT malware, is actively targeting banks and financial institutions in Latin American countries such as Brazil and Mexico. The malware is designed to steal sensitive financial and cryptocurrency data while monitoring user inputs and system activity to facilitate cyber theft.
What happened
JanelaRAT has been observed in a significant number of attacks, particularly in Brazil, where 14,739 instances were reported in 2025. This malware is a customized derivative of BX RAT, developed specifically to infiltrate financial entities by capturing valuable data such as cryptocurrency credentials and banking information. JanelaRAT is capable of tracking mouse movements, logging keystrokes, taking screenshots, and collecting metadata from infected systems to gather intelligence and enable unauthorized access.
Why it matters
Financial institutions remain prime targets for cybercriminals due to the direct financial gain these attacks can yield. JanelaRAT’s refined ability to harvest cryptocurrency-related data and detailed user activity raises its threat level, posing risks not only to account holders’ funds but also to institutional cybersecurity and trust. The volume of attacks in Brazil underscores the importance of focused defensive measures within this geographic region and sector.
What security teams should do
Security teams within affected financial institutions should prioritize robust monitoring for behaviors characteristic of JanelaRAT infections, including unauthorized data exfiltration and suspicious system activity such as unexpected keystroke logging or screen captures. Reviewing system logs for unusual metadata collection and mouse input tracking can help in early detection. It is crucial to apply any available security patches and updates related to the underlying BX RAT vulnerabilities and employ advanced endpoint detection tools capable of recognizing modified RAT variants.
Key technical details
JanelaRAT operates as a remote access trojan (RAT) with extended capabilities beyond its predecessor BX RAT. Its functionalities include data theft focused on financial and cryptocurrency credentials, user activity monitoring by logging keystrokes and mouse inputs, taking screenshots of the victim’s screen, and harvesting system metadata to facilitate stealthy infiltration and prolonged access. These combined actions allow attackers to surveil and extract sensitive information effectively from targeted institutions.
Affected organizations/products
The targets predominantly include banks and financial institutions operating in Latin American countries, especially Brazil and Mexico. In 2025, Brazil alone experienced over 14,000 attacks linked to JanelaRAT, highlighting a concentrated regional impact within the banking sector.
Source attribution
https://thehackernews.com/2026/04/janelarat-malware-targets-latin.html