DEV Community

Mark0
JanelaRAT: a financial threat targeting users in Latin America

JanelaRAT is an evolving malware family that targets financial institutions and cryptocurrency data, primarily in the Latin America region. A modified variant of BX RAT, it employs a unique title bar detection mechanism to monitor browser activity and trigger malicious actions when victims visit specific banking websites. Recent campaigns show a streamlined infection chain that uses MSI files and DLL sideloading to deliver the final payload, while attempting to evade security detection through obfuscation and environment checks.

The malware features extensive remote access capabilities, including screen monitoring, keylogging, and the ability to inject keystrokes or simulate mouse input. It uses a sophisticated decoy overlay system to capture credentials and bypass multi-factor authentication by displaying fake windows that mimic banking interfaces or system updates in Brazilian Portuguese. JanelaRAT also incorporates anti-analysis techniques, such as environment checks for accessibility tools, and rotates its C2 infrastructure daily using dynamic DNS services to maintain persistent access to infected hosts.
