Find notable cyber news and cases, enriched with sources, timelines, and signals.

VENON Rust-based banking malware targeting Brazilian Windows users

Malware Activity
First reported
Last updated
Happening score
H score 20
1 unique sources, 1 articles

Summary

Hide ▲

Researchers disclosed VENON, a new Rust-based banking malware aimed at Brazilian Windows users, raising the risk of credential theft through fake banking overlays. The malware uses DLL side-loading, suspected ClickFix-style social engineering, and a chain of evasion techniques before opening a WebSocket C2 channel. It is built to monitor window titles and browser domains and can target 33 financial institutions and digital asset platforms, including the Itaú banking app.

Related Happenings

Millenium RAT Windows malware activity and native C++ rewrite

Malware Activity
H score62 First: 29.06.2026 17:30 Last: 29.06.2026 17:30 Sources 1

About this happening: The **Millenium RAT** malware activity is spreading across **Windows** systems, with **60,000+ infections** in **160+ countries** and a newer **native C++** build that helps it ev...

GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy

Malware Activity
H score41 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
H score25 First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **BTMOB** is an **Android remote access trojan** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a builder that generates customize...

TCLBANKER banking trojan activity targeting 59 financial platforms

Malware Activity
H score20 First: 08.05.2026 21:12 Last: 08.05.2026 21:12 Sources 1

About this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...

CloudZ RAT Pheno Microsoft Phone Link credential-theft activity

Malware Activity
H score24 First: 05.05.2026 13:03 Last: 05.05.2026 13:03 Sources 1

About this happening: The **CloudZ RAT** is now using the **Pheno** plugin to hijack **Microsoft Phone Link** sessions and steal **SMS-based OTPs** and other sensitive codes, increasing the risk of acc...

Timeline

  1. 12.03.2026 19:31 2 articles · 3mo ago

    VENON Rust banking malware disclosed

    Initial Disclosure

    Researchers disclosed VENON, a Rust-based banking malware targeting Brazilian Windows users that uses DLL side-loading and suspected ClickFix-style social engineering to stage payloads, perform anti-sandbox and bypass checks, retrieve configuration from Google Cloud Storage, install a scheduled task, and establish WebSocket C2 communication. The malware also includes banking overlay logic, active window monitoring, and LNK hijacking to focus on 33 financial institutions and digital asset platforms, including the Itaú banking application.

    Show sources