JanelaRAT malware activity targeting Latin American banks
Malware Activity
Summary
Hide ▲
Show ▼
JanelaRAT continues targeting Latin American banks and financial institutions, with telemetry showing 14,739 attacks in Brazil in 2025 and 11,695 in Mexico, raising the risk of credential theft and banking fraud. The malware steals financial and cryptocurrency data, logs keystrokes, captures screenshots, and monitors sensitive banking interactions. It is delivered through phishing emails and multi-stage Windows infection chains that use DLL side-loading and persistence mechanisms. The payload also uses remote commands and fake overlays to harvest credentials while trying to stay hidden from anti-fraud controls.
Related Happenings
WhatsApp VBScript attachment distribution campaign
Campaign
H score42
First: 23.06.2026 08:38
Last: 23.06.2026 08:38
Sources 1
About this happening:
The active **WhatsApp VBScript** campaign is spreading malicious attachments that can lead to **remote access** on victim systems. It targets **WhatsApp Desktop** and **WhatsApp W...
WhatsApp VBScript attachment distribution campaign
CampaignAbout this happening: The active **WhatsApp VBScript** campaign is spreading malicious attachments that can lead to **remote access** on victim systems. It targets **WhatsApp Desktop** and **WhatsApp W...
WhatsApp VBScript infection chain installing ManageEngine RMM Central
Malware Activity
H score20
First: 23.06.2026 08:38
Last: 23.06.2026 08:38
Sources 1
About this happening:
**VBScript attachments** spread through **WhatsApp direct messages** are now driving a **multi-stage Windows infection chain** that can end in remote access to victim systems. The...
WhatsApp VBScript infection chain installing ManageEngine RMM Central
Malware ActivityAbout this happening: **VBScript attachments** spread through **WhatsApp direct messages** are now driving a **multi-stage Windows infection chain** that can end in remote access to victim systems. The...
WhatsApp VBScript phishing campaign targeting users in multiple countries
Campaign
H score43
First: 23.06.2026 01:42
Last: 23.06.2026 01:42
Sources 1
About this happening:
An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...
WhatsApp VBScript phishing campaign targeting users in multiple countries
CampaignAbout this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...
Silver Fox tax-themed phishing campaign delivering ABCDoor and ValleyRAT
Campaign
H score36
First: 04.05.2026 14:57
Last: 04.05.2026 14:57
Sources 1
About this happening:
**Silver Fox** is running a **tax-themed phishing campaign** that now targets **India** with **Income Tax Department** lures and delivers **ValleyRAT (aka Winos 4.0)**. The campai...
Silver Fox tax-themed phishing campaign delivering ABCDoor and ValleyRAT
CampaignAbout this happening: **Silver Fox** is running a **tax-themed phishing campaign** that now targets **India** with **Income Tax Department** lures and delivers **ValleyRAT (aka Winos 4.0)**. The campai...
ABCDoor backdoor activity in Silver Fox attacks
Malware Activity
H score23
First: 04.05.2026 14:35
Last: 04.05.2026 14:35
Sources 1
About this happening:
The newly identified **ABCDoor** backdoor is being used in **real-world attacks** by **Silver Fox**, expanding the group's malware set and increasing the risk of covert remote acc...
ABCDoor backdoor activity in Silver Fox attacks
Malware ActivityAbout this happening: The newly identified **ABCDoor** backdoor is being used in **real-world attacks** by **Silver Fox**, expanding the group's malware set and increasing the risk of covert remote acc...
Timeline
-
13.04.2026 20:15 2 articles · 2mo ago
JanelaRAT malware activity targeting Latin American banks
Initial DisclosureThe infection begins with **phishing emails** that impersonate outstanding invoices and lead victims to download a **PDF** and **ZIP archive**. The archive starts a multi-stage Windows chain that uses **DLL side-loading** to install **JanelaRAT**.
Show sources
- JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025 — thehackernews.com — 13.04.2026 20:15
- JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025 — thehackernews.com — 13.04.2026 20:15