JanelaRAT Malware Campaign Targets Latin American Financial Sector

Severity: High (Score: 69.5)

Sources: Securelist, Gbhackers, Cybersecuritynews

Summary

JanelaRAT, a Remote Access Trojan, is actively targeting financial institutions and cryptocurrency platforms in Latin America. The malware, which has been in circulation since June 2023, employs fake MSI installer files and malicious browser extensions to steal sensitive financial data. Victims are lured through phishing emails that mimic invoice deliveries, leading them to download malicious files. The infection chain has evolved to include the use of MSI files as droppers for the final payload, which is a DLL associated with JanelaRAT. Kaspersky detects this threat as Trojan.Script.Generic and Backdoor.MSIL.Agent.gen.

The continuous updates to the malware's infection chain indicate that threat actors are adapting their tactics to evade detection. Current campaigns show a streamlined process with fewer installation steps, enhancing the malware's effectiveness. The scope of impact is significant, affecting numerous users across the region.

Key Points

  • JanelaRAT targets financial and cryptocurrency sectors in Latin America.
  • The malware uses fake MSI installers and malicious browser extensions for infiltration.
  • Phishing emails are the primary vector for initial infection.

Key Entities

  • Malware (attack_type)
  • Phishing (attack_type)
  • Trojan (attack_type)
  • Janela RAT Campaign (campaign)
  • Brazil (country)
  • Chile (country)
  • Colombia (country)
  • Mexico (country)
  • Financial (industry)
  • Backdoor.MSIL.Agent.gen (malware)
  • Janela RAT (malware)
  • JanelaRAT (malware)
  • 808c87015194c51d74356854dfb10d9e (md5)
  • d7a68749635604d6d7297e4fa2530eb6 (md5)
  • T1036 - Masquerading (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1059.003 - Windows Command Shell (mitre_attack)
  • T1059.005 - Visual Basic (mitre_attack)
  • T1071 - Application Layer Protocol (mitre_attack)
  • Windows (platform)
  • Gitlab (platform)
  • ConfuserEx (tool)
  • Eazfuscator (tool)