A sophisticated malware campaign has targeted financial institutions across Latin America, with Brazil alone experiencing more than 14,000 attacks in 2025. The operation uses a remote access trojan known as JanelaRAT, which is designed to steal sensitive financial and cryptocurrency data tied to a specific set of banks.
Scope and Impact of the Attacks
The malware, a modified version of the BX RAT, has been deployed in a concentrated campaign against banks and financial entities in countries including Brazil and Mexico. In Brazil alone, security researchers have documented 14,739 separate attack instances attributed to this threat actor in the current year.
JanelaRAT possesses a wide range of capabilities that enable comprehensive data theft and system surveillance. Its functions include logging keystrokes, capturing screenshots, and tracking mouse movements to harvest login credentials and other sensitive input. The malware also collects detailed system metadata, which can be used for further targeting or to bypass security measures.
Technical Capabilities and Data Theft
The primary objective of JanelaRAT is financial gain through data exfiltration. It is specifically configured to identify and steal information associated with predetermined financial institutions. This includes account details, transaction records, and access to cryptocurrency wallets linked to these entities.
By combining keylogging, screen capture, and system reconnaissance, the malware builds a detailed profile of user activity on infected machines. This layered approach lets attackers defeat certain forms of two-factor authentication and learn which internal applications their targets use.
Regional Threat Landscape
The focus on Latin American financial sectors continues a persistent trend of cybercriminal activity in the region. Financial institutions are often targeted due to the direct potential for monetary theft and the valuable transactional data they hold. The high number of incidents in Brazil highlights its position as a major economic focal point for such attacks.
Security analysts note that reusing and modifying established malware such as BX RAT lets threat actors operate efficiently. Such modified tools are typically distributed through phishing emails, malicious downloads, or exploit kits that capitalize on unpatched software vulnerabilities.
Response and Mitigation
Financial institutions in the affected regions are advised to strengthen endpoint detection, train employees rigorously to recognize phishing attempts, and keep all systems current with the latest security patches. Monitoring for unusual network traffic or for processes associated with remote access tools is also considered a critical defensive step.
The disclosure of this campaign serves as a reminder for organizations worldwide to maintain robust, layered security postures. The techniques used by JanelaRAT, while currently focused on Latin America, are common among global cybercrime syndicates.
Looking Ahead
Security researchers expect the JanelaRAT campaign to keep evolving, potentially expanding to other geographic regions or verticals. The cybersecurity community is actively analyzing the malware’s command-and-control infrastructure with the aim of disrupting its operations. Financial regulators in the affected countries are likely to issue further guidance to institutions on this specific threat in the coming weeks.
Source: Adapted from original security disclosure