JanelaRAT Malware Now Hijacking Banking Sessions of Users in Latin America : Research

Crowdfund Insider, Apr 18, 2026

Why It Matters

By commandeering active banking sessions, JanelaRAT bypasses traditional password‑only defenses, raising the threat level for financial institutions and their customers across Latin America.

Key Takeaways

  • JanelaRAT variant targets banking users in Brazil and Mexico
  • Malware hijacks live sessions, overlaying fake bank screens
  • Delivery uses phishing emails with VBS scripts and DLL sideloading
  • Attackers use encrypted channels for real‑time data exfiltration
  • Kaspersky logged over 26,000 attempts in Brazil and Mexico in 2025

Pulse Analysis

The resurgence of Remote Access Trojans (RATs) in Latin America reflects the region’s rapid adoption of online banking and fintech services. While classic RATs focused on credential theft, the latest JanelaRAT iteration demonstrates a shift toward session hijacking, a technique that allows attackers to manipulate a user’s active banking window in real time. This evolution is fueled by the high value of multi‑factor authentication tokens and the relative scarcity of robust endpoint detection solutions in many consumer environments.

Technically, JanelaRAT leverages a multi‑stage infection chain that begins with phishing emails containing compressed archives of malicious Visual Basic Script files. Once executed, the payload employs DLL sideloading to blend with legitimate system libraries, evading heuristic scanners. The trojan continuously monitors screen activity, detecting banking URLs or application windows, then deploys a full‑screen overlay that mimics the target bank’s interface. The overlay blocks input, prompting victims for passwords, OTPs, or even simulating Windows update warnings, while the malware silently records keystrokes, screenshots, and mouse clicks. Encrypted communication channels ensure that stolen data reaches the command‑and‑control server without detection.

For banks and security teams, the JanelaRAT campaign signals a need to reinforce both user education and technical controls. Real‑time transaction monitoring, behavioral analytics, and anti‑phishing gateways can disrupt the initial delivery vector, while endpoint protection platforms with advanced memory‑based detection can identify sideloaded components. Moreover, financial institutions should consider implementing out‑of‑band authentication methods that are resistant to screen overlay attacks. As cybercriminals continue to refine RAT capabilities, a layered defense strategy becomes essential to safeguard the burgeoning digital finance ecosystem in Latin America.
