VENON Rust-based banking malware targeting Brazilian Windows users
Malware Activity
Summary
Researchers disclosed VENON, a new Rust-based banking malware aimed at Brazilian Windows users, raising the risk of credential theft through fake banking overlays. The malware uses DLL side-loading, suspected ClickFix-style social engineering, and a chain of evasion techniques before opening a WebSocket C2 channel. It is built to monitor window titles and browser domains and can target 33 financial institutions and digital asset platforms, including the Itaú banking app.
Related Happenings
Grandoreiro and BTMOB banking trojan activity targeting Windows and Android
Malware Activity
First: 27.05.2026 19:10
Last: 27.05.2026 19:10
Sources 1
About this happening:
The **Grandoreiro** and **BTMOB** trojans are being used in active campaigns against **Windows** and **Android** targets across **Europe** and **Latin America**, increasing the ri...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware Activity
First: 08.05.2026 21:12
Last: 08.05.2026 21:12
Sources 1
About this happening:
**TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
CloudZ RAT Pheno Microsoft Phone Link credential-theft activity
Malware Activity
First: 05.05.2026 13:03
Last: 05.05.2026 13:03
Sources 1
About this happening:
The **CloudZ RAT** is now using the **Pheno** plugin to hijack **Microsoft Phone Link** sessions and steal **SMS-based OTPs** and other sensitive codes, increasing the risk of acc...
Vidar infostealer market rise and distribution expansion
Malware Activity
First: 28.04.2026 22:07
Last: 28.04.2026 22:07
Sources 1
About this happening:
**Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...
Venom Stealer MaaS continuous credential theft and exfiltration
Malware Activity
First: 01.04.2026 16:30
Last: 01.04.2026 16:30
Sources 1
About this happening:
The **Venom Stealer** **malware-as-a-service** platform has been identified as a **credential-theft** threat that keeps exfiltrating data after infection, extending the window for...
Timeline
12.03.2026 19:31 · 2 articles
VENON Rust banking malware disclosed
Initial Disclosure
Researchers disclosed VENON, a Rust-based banking malware targeting Brazilian Windows users that uses DLL side-loading and suspected ClickFix-style social engineering to stage payloads, perform anti-sandbox and bypass checks, retrieve configuration from Google Cloud Storage, install a scheduled task, and establish WebSocket C2 communication. The malware also includes banking overlay logic, active window monitoring, and LNK hijacking to focus on 33 financial institutions and digital asset platforms, including the Itaú banking application.
Sources:
- Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays — thehackernews.com — 12.03.2026 19:31
- Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays — thehackernews.com — 12.03.2026 19:31