JanelaRAT is a Remote Access Trojan (RAT) targeting financial and cryptocurrency institutions primarily in Latin America, with a heavy focus on Brazil and Mexico. Derived from BX RAT, the malware uses a title bar detection mechanism: it monitors the titles of the victim's browser windows and triggers its malicious actions when a banking site is opened. The infection chain typically begins with phishing emails carrying malicious MSI droppers, which use DLL sideloading to deploy the final payload.
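The DLL sideloading step in that infection chain is the part a defender can most readily detect from endpoint telemetry. The following Python is an added example, not code from the original write-up or from any analysis of JanelaRAT: it scores image-load events (fields modelled on Sysmon Event ID 7, with the `Signed` field and the `SYSTEM_DLL_NAMES` allowlist being assumptions for illustration) and flags a DLL that carries a well-known system DLL name but is loaded from outside a trusted directory, a DLL loaded from the executable's own directory when that directory is user-writable (the classic MSI-extracted temp folder pattern), and unsigned DLLs loaded from user-writable locations. The sample events are constructed.

```python
import ntpath  # Windows path semantics regardless of the host OS

# Constructed sample image-load events (Sysmon Event ID 7 style fields); not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\MSI1234.tmp\updater.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\MSI1234.tmp\version.dll", "Signed": "false"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\vendorlib.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\Downloads\setup.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\dbghelp.dll", "Signed": "false"},
]

# Directories where a system DLL name is expected to resolve from.
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)
# Path fragments that mark user-writable locations (droppers typically stage here).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
# Hypothetical allowlist of DLL names that legitimately live in System32;
# in production, build this from an inventory of clean hosts.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "kernel32.dll",
                    "user32.dll", "wininet.dll", "cryptbase.dll"}


def _dirname(path: str) -> str:
    """Lower-cased directory of a Windows path, with a trailing backslash."""
    return ntpath.dirname(path.lower()).rstrip("\\") + "\\"


def is_trusted(dirpath: str) -> bool:
    return dirpath.startswith(TRUSTED_DIRS)


def is_user_writable(dirpath: str) -> bool:
    return any(marker in dirpath for marker in USER_WRITABLE)


def assess(event: dict) -> list[str]:
    """Return the list of sideloading indicators for one image-load event (empty if benign)."""
    image_dir = _dirname(event["Image"])
    dll_path = event["ImageLoaded"].lower()
    dll_dir = _dirname(dll_path)
    dll_name = ntpath.basename(dll_path)
    reasons = []
    # 1. A system DLL name resolved from somewhere other than a trusted directory.
    if dll_name in SYSTEM_DLL_NAMES and not is_trusted(dll_dir):
        reasons.append(f"{dll_name} is a system DLL name but was loaded from {dll_dir}")
    # 2. Search-order abuse: DLL sits next to the executable in a user-writable folder.
    if dll_dir == image_dir and is_user_writable(dll_dir):
        reasons.append("DLL loaded from the executable's own directory in a user-writable location")
    # 3. Unsigned code loaded from a user-writable location.
    if event.get("Signed", "false").lower() != "true" and is_user_writable(dll_dir):
        reasons.append("unsigned DLL loaded from a user-writable location")
    return reasons


def scan(events: list[dict]) -> list[dict]:
    """Run assess() over every event and keep only those with at least one indicator."""
    alerts = []
    for event in events:
        reasons = assess(event)
        if reasons:
            alerts.append({"Image": event["Image"],
                           "ImageLoaded": event["ImageLoaded"],
                           "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["Image"], "->", alert["ImageLoaded"])
        for reason in alert["reasons"]:
            print("   -", reason)
```

Running it flags the two constructed events that load a system-named, unsigned DLL from a temp or downloads folder, and leaves the System32 and Program Files loads alone. The allowlist and directory markers are deliberately small; in a real deployment they should come from a baseline of clean hosts, and indicator 2 on its own will produce noise from legitimately portable applications, so weight it lower than indicator 1.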
Once active, JanelaRAT provides attackers with comprehensive control over the victim's machine, including keylogging, screen capturing, and live banking session hijacking. The malware employs advanced obfuscation tools like Eazfuscator and anti-analysis checks, such as monitoring for accessibility tools like Magnifier. It communicates with a dynamically rotating Command and Control (C2) infrastructure and uses deceptive full-screen overlays to capture multi-factor authentication tokens and credentials, effectively bypassing standard security measures.