VENON Rust-based banking malware targeting Brazilian Windows users
Malware Activity
Summary
Hide ▲
Show ▼
Researchers disclosed VENON, a new Rust-based banking malware aimed at Brazilian Windows users, raising the risk of credential theft through fake banking overlays. The malware uses DLL side-loading, suspected ClickFix-style social engineering, and a chain of evasion techniques before opening a WebSocket C2 channel. It is built to monitor window titles and browser domains and can target 33 financial institutions and digital asset platforms, including the Itaú banking app.
Related Happenings
Millenium RAT Windows malware activity and native C++ rewrite
Malware Activity
H score62
First: 29.06.2026 17:30
Last: 29.06.2026 17:30
Sources 1
About this happening:
The **Millenium RAT** malware activity is spreading across **Windows** systems, with **60,000+ infections** in **160+ countries** and a newer **native C++** build that helps it ev...
Millenium RAT Windows malware activity and native C++ rewrite
Malware ActivityAbout this happening: The **Millenium RAT** malware activity is spreading across **Windows** systems, with **60,000+ infections** in **160+ countries** and a newer **native C++** build that helps it ev...
GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy
Malware Activity
H score41
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources 1
About this happening:
**GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...
GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy
Malware ActivityAbout this happening: **GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...
Grandoreiro and BTMOB banking trojan activity targeting Windows and Android
Malware Activity
H score25
First: 27.05.2026 19:10
Last: 27.05.2026 19:10
Sources 1
About this happening:
**BTMOB** is an **Android remote access trojan** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a builder that generates customize...
Grandoreiro and BTMOB banking trojan activity targeting Windows and Android
Malware ActivityAbout this happening: **BTMOB** is an **Android remote access trojan** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a builder that generates customize...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware Activity
H score20
First: 08.05.2026 21:12
Last: 08.05.2026 21:12
Sources 1
About this happening:
**TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware ActivityAbout this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
CloudZ RAT Pheno Microsoft Phone Link credential-theft activity
Malware Activity
H score24
First: 05.05.2026 13:03
Last: 05.05.2026 13:03
Sources 1
About this happening:
The **CloudZ RAT** is now using the **Pheno** plugin to hijack **Microsoft Phone Link** sessions and steal **SMS-based OTPs** and other sensitive codes, increasing the risk of acc...
CloudZ RAT Pheno Microsoft Phone Link credential-theft activity
Malware ActivityAbout this happening: The **CloudZ RAT** is now using the **Pheno** plugin to hijack **Microsoft Phone Link** sessions and steal **SMS-based OTPs** and other sensitive codes, increasing the risk of acc...
Timeline
-
12.03.2026 19:31 2 articles · 3mo ago
VENON Rust banking malware disclosed
Initial DisclosureResearchers disclosed VENON, a Rust-based banking malware targeting Brazilian Windows users that uses DLL side-loading and suspected ClickFix-style social engineering to stage payloads, perform anti-sandbox and bypass checks, retrieve configuration from Google Cloud Storage, install a scheduled task, and establish WebSocket C2 communication. The malware also includes banking overlay logic, active window monitoring, and LNK hijacking to focus on 33 financial institutions and digital asset platforms, including the Itaú banking application.
Show sources
- Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays — thehackernews.com — 12.03.2026 19:31
- Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays — thehackernews.com — 12.03.2026 19:31