Banks and other financial institutions across Latin America are having their Microsoft Windows systems compromised with the new JanelaRAT malware to enable the exfiltration of sensitive user data, The Hacker News reports.
Attackers have used an as-yet-unknown vector to distribute a ZIP archive containing a Visual Basic script, which retrieves a second ZIP archive holding JanelaRAT and an executable for deploying the payload, according to a Zscaler ThreatLabz report.
While based on the BX RAT trojan, JanelaRAT has been enhanced with new window title-capturing capabilities, which come into play after the infected host registers with the command-and-control server. JanelaRAT, which was found to have several Portuguese-language strings in its source code, can also track mouse input, capture screenshots, log keystrokes, and gather system metadata.
"JanelaRAT's focus on harvesting LATAM financial data and its method of extracting window titles for transmission underscores its targeted and stealthy nature," said researchers.