Introduce yourself to JanelaRAT, a remote access Trojan with a Portuguese accent.

    A new information-stealing Trojan has emerged in Latin America, targeting users' financial data.

    JanelaRAT, a new financial Trojan capable of stealing sensitive data from compromised Windows systems, has targeted Latin American users.

    According to a recent report from security firm Zscaler, JanelaRAT primarily seeks financial and cryptocurrency data related to banks and financial institutions. To avoid detection, the malware uses DLL sideloading, abusing legitimate signed executables from VMware and Microsoft to load its malicious library.

    The initial access vector is unknown, but Zscaler discovered the campaign in June 2023. The attackers deliver a ZIP archive containing a VBScript.

    When run, the VBScript downloads a second ZIP archive from the attackers' server and drops a batch file that removes the malware from the system. The archive contains both the JanelaRAT payload and a legitimate executable, "identity_helper.exe" or "vmnat.exe", which launches the Trojan via DLL sideloading.
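As an added example (not code from the article or from Zscaler), the following Python script applies the sideloading pattern described above to image-load events of the kind an EDR or Sysmon would record: it flags the two named host executables when they run from outside their expected vendor install directories, or when they load an unsigned DLL from their own directory. The install-directory prefixes and the sample events (paths, DLL name, signature flags) are constructed assumptions, not indicators from the report.

```python
import ntpath
from dataclasses import dataclass

# Legitimate, signed host executables the article says JanelaRAT abuses.
SIDELOAD_HOSTS = {"identity_helper.exe", "vmnat.exe"}

# Assumed install-directory prefixes for vendor binaries (lowercase for matching).
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)


@dataclass
class ImageLoad:
    process_image: str   # full path of the process that loaded the module
    module_path: str     # full path of the DLL that was loaded
    module_signed: bool  # whether the DLL carries a valid vendor signature


def suspicious_sideload(ev: ImageLoad):
    """Return a reason string if the event matches the sideloading pattern, else None."""
    proc_name = ntpath.basename(ev.process_image).lower()
    if proc_name not in SIDELOAD_HOSTS:
        return None
    proc_dir = ntpath.dirname(ev.process_image).lower()
    mod_dir = ntpath.dirname(ev.module_path).lower()
    # First tell: the vendor binary was copied somewhere user-writable (e.g. an extracted ZIP).
    if not proc_dir.startswith(TRUSTED_PREFIXES):
        return f"{proc_name} running from untrusted directory {proc_dir}"
    # Second tell: the installed copy loads an unsigned DLL placed beside it.
    if mod_dir == proc_dir and not ev.module_signed:
        return f"{proc_name} loaded unsigned {ev.module_path} from its own directory"
    return None


def scan(events):
    """Return (index, reason) pairs for every event that matches the pattern."""
    hits = []
    for i, ev in enumerate(events):
        reason = suspicious_sideload(ev)
        if reason:
            hits.append((i, reason))
    return hits


# Constructed sample events; the DLL name is a placeholder, not a real indicator.
SAMPLE_EVENTS = [
    ImageLoad("C:\\Program Files (x86)\\VMware\\vmnat.exe", "C:\\Windows\\System32\\kernel32.dll", True),
    ImageLoad("C:\\Users\\victim\\AppData\\Local\\Temp\\x\\identity_helper.exe",
              "C:\\Users\\victim\\AppData\\Local\\Temp\\x\\PLACEHOLDER_PAYLOAD.dll", False),
    ImageLoad("C:\\Program Files (x86)\\VMware\\vmnat.exe", "C:\\Program Files (x86)\\VMware\\PLACEHOLDER_PAYLOAD.dll", False),
    ImageLoad("C:\\Windows\\System32\\notepad.exe", "C:\\Users\\victim\\Downloads\\PLACEHOLDER_PAYLOAD.dll", False),
]
```

Running `scan(SAMPLE_EVENTS)` flags the second and third events; the last is not flagged because the rule is scoped to the two host binaries named in the report, so broaden the host list for your own environment.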

    JanelaRAT uses string encryption and sleep calls to evade detection and hinder analysis. According to the researchers, it is a heavily modified version of the BX RAT Trojan, which was released in 2014.

    One of the malware's new features is the ability to capture the titles of open windows and send them to the attackers after registering with the C2 server. JanelaRAT also logs mouse movements and keystrokes, takes screenshots, and collects system metadata.

    "JanelaRAT only includes a subset of BX RAT features," the researchers note. "The developer did not implement shell command execution or file and process manipulation functions."

    An examination of the malware's source code revealed strings in Portuguese, indicating that the author at least has a command of the language. However, Portuguese is not only spoken in Portugal; it is the majority language in a dozen other countries, so pinpointing the attacker's country is difficult.

    VirusTotal received the malicious VBScript used in the attack primarily from Chile, Colombia, and Mexico.

    "The use of original or modified RATs is a common practice among Latin American attackers," the researchers note. "JanelaRAT's focus on collecting financial data, as well as its method of extracting window titles, highlights its targeted and stealthy nature."

    Author DeepWeb