JanelaRAT invoice-phishing campaign targeting Latin American banks

Campaign

First reported

13.04.2026 20:15

Last updated

13.04.2026 20:15

Happening score

H score 33

1 unique sources, 1 articles

Summary

Hide ▲

JanelaRAT is being delivered through a phishing campaign that uses invoice-themed lures and a ZIP/DLL side-loading chain to reach banks and financial institutions across Latin America. The operation has evolved from VBScript delivery to MSI installer droppers, showing continued adaptation since May 2024. The focus on banking interactions, credential theft, and remote control makes the campaign a sustained threat to financial institutions.

Related Happenings

JanelaRAT malware activity targeting Latin American banks

Malware Activity

First: 13.04.2026 20:15 Last: 13.04.2026 20:15 Sources 1

How related: "A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated with specific financial entities, as well as track mouse inputs, log keystrokes, take screenshots, and collect system metadata."

About this happening: **JanelaRAT** continues targeting **Latin American banks and financial institutions**, with telemetry showing **14,739 attacks in Brazil** in **2025** and **11,695 in Mexico**, ra...

Open Happening

Timeline

13.04.2026 20:15 2 articles · 1mo ago

JanelaRAT invoice-phishing campaign targeting Latin American banks

Initial Disclosure
Initial delivery used **invoice-themed phishing emails** that directed victims to a **PDF** and then a **ZIP archive**. The chain then relied on **DLL side-loading** to install **JanelaRAT** on targeted systems.
Show sources

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025 — thehackernews.com — 13.04.2026 20:15

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025 — thehackernews.com — 13.04.2026 20:15
Open in new tab