VENON Malware Targets 33 Brazilian Banks with Rust-Based Attack

VENON Malware Targets 33 Brazilian Banks with Rust-Based Attack

First seen 13 Mar 2026, 21:42 UTC ThehackernewsScworldRescana 85% similarity 64.5

Article Content

Browse articles
ThreatCluster

A new banking malware named VENON has been identified, specifically targeting users in Brazil. This malware, developed in Rust, represents a shift from the previously common Delphi-based variants in the region. VENON mimics behaviors of established banking trojans like Grandoreiro and Mekotio, employing banking overlay techniques and monitoring active windows. Discovered by Brazilian cybersecurity firm ZenoX, VENON infects Windows systems using a sophisticated infection chain that includes DLL side-loading. It utilizes social engineering tactics, such as ZIP archives delivered via PowerShell scripts, to deceive users into executing the malware. The malware targets 33 financial institutions and digital asset platforms, replacing legitimate application shortcuts with malicious ones to steal user credentials. It incorporates nine evasion techniques, including anti-sandbox measures and AMSI bypasses, and establishes a WebSocket connection to its command-and-control server. An earlier version of VENON was noted in January 2026, with indications of AI assistance in its development.

Key Points: • VENON malware targets 33 Brazilian banks using Rust, marking a shift from Delphi variants. • The malware employs DLL side-loading and social engineering tactics for infection. • It incorporates advanced evasion techniques to avoid detection and steal credentials.

ThreatCluster AI

Timeline

2026-01-01
Earlier version of VENON discovered.
2026-02-01
VENON malware first identified by ZenoX.
2026-03-12
The Hacker News publishes detailed analysis of VENON.
2026-03-13
Scworld publishes news on VENON targeting Brazilian users.

Community

Browse all →