
JanelaRAT malware activity targeting Latin American banks

Malware Activity
Happening score
H score 28
1 unique source, 1 article

Summary


JanelaRAT continues targeting Latin American banks and financial institutions, with telemetry showing 14,739 attacks in Brazil in 2025 and 11,695 in Mexico, raising the risk of credential theft and banking fraud. The malware steals financial and cryptocurrency data, logs keystrokes, captures screenshots, and monitors sensitive banking interactions. It is delivered through phishing emails and multi-stage Windows infection chains that use DLL side-loading and persistence mechanisms. The payload also uses remote commands and fake overlays to harvest credentials while trying to stay hidden from anti-fraud controls.

Related Happenings

Silver Fox tax-themed phishing campaign delivering ABCDoor and ValleyRAT

Campaign
First: 04.05.2026 14:57 Last: 04.05.2026 14:57 Sources 1

About this happening: **Silver Fox** is running a **tax-themed phishing campaign** that now targets **India** with **Income Tax Department** lures and delivers **ValleyRAT (aka Winos 4.0)**. The campai...

ABCDoor backdoor activity in Silver Fox attacks

Malware Activity
First: 04.05.2026 14:35 Last: 04.05.2026 14:35 Sources 1

About this happening: The newly identified **ABCDoor** backdoor is being used in **real-world attacks** by **Silver Fox**, expanding the group's malware set and increasing the risk of covert remote acc...

FakeWallet crypto wallet phishing campaign targeting users in China

Campaign
First: 21.04.2026 00:52 Last: 21.04.2026 00:52 Sources 1

About this happening: The **FakeWallet** campaign is actively distributing **26 malicious apps** that impersonate crypto wallets and steal **seed phrases**, putting **users in China** at immediate risk...

Latest development: 24.04.2026 14:48

Kaspersky said the FakeWallet campaign is gaining momentum with new tactics, including phishing apps published in the Apple App Store, cold wallet impersonation, and phishing notifications, and suspected it may be the work of threat actors linked to SparkKitty because some infected apps use OCR to steal wallet recovery phrases and the two campaigns share native Chinese-speaking operators and cryptocurrency targeting.

Dragon Boss Solutions LLC adware malicious update

Malware Activity
First: 16.04.2026 22:07 Last: 16.04.2026 22:07 Sources 1

About this happening: A **March 22, 2025** malicious update turned **Dragon Boss Solutions LLC** adware into an **AV-disabling** payload, exposing nearly **24,000 systems** to follow-on abuse. The upda...

ClockRemoval.ps1 antivirus-disabling malware activity linked to Dragon Boss Solutions LLC

Malware Activity
First: 15.04.2026 17:40 Last: 15.04.2026 17:40 Sources 1

About this happening: A signed software operation linked to **Dragon Boss Solutions LLC** was observed using **ClockRemoval.ps1** to disable antivirus on **more than 23,000 endpoints worldwide**, raisi...

Timeline

  1. 13.04.2026 20:15 · 2 articles

    JanelaRAT malware activity targeting Latin American banks

    Initial Disclosure

    The infection begins with **phishing emails** that impersonate outstanding invoices and lead victims to download a **PDF** and **ZIP archive**. The archive starts a multi-stage Windows chain that uses **DLL side-loading** to install **JanelaRAT**.
