    Meet JanelaRAT, a remote access Trojan with a Portuguese accent

    A new cyber thief has emerged in Latin America, focusing on users' financial data.

    JanelaRAT, a new financial Trojan capable of stealing sensitive data from compromised Windows systems, has targeted Latin American users.

    JanelaRAT, according to a recent report from research firm Zscaler, primarily seeks financial and cryptocurrency data from banks and financial institutions. To avoid detection, the malware employs the DLL Sideloading technique, which makes use of legitimate application libraries from VMware and Microsoft.

    The exact start of the infection chain is unknown, but Zscaler discovered the malware campaign in June 2023. The attackers deliver a ZIP archive containing a VBScript via an unknown vector.

    Upon activation, the VBScript downloads another ZIP archive from the attackers' server and installs a batch file to remove the malware from the system. The archive contains the JanelaRAT payload and a legitimate executable, "identity_helper.exe" or "vmnat.exe", which launches the Trojan via DLL sideloading.
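A defender-side check for the sideloading step described above, as an added example (not code from Zscaler's report or from this article): it scans image-load events for `identity_helper.exe` or `vmnat.exe` running outside their usual install directories. The expected directories, the use of Sysmon Event ID 7 field names, and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Host executables named in the article, mapped to the directories where the
# vendor normally installs them. ASSUMPTION: adjust these prefixes per fleet.
EXPECTED_DIRS = {
    "identity_helper.exe": (r"c:\program files (x86)\microsoft\edge\application",
                            r"c:\program files\microsoft\edge\application"),
    "vmnat.exe": (r"c:\windows\syswow64", r"c:\windows\system32",
                  r"c:\program files (x86)\vmware"),
}

def _norm(path):
    return ntpath.normpath(path).lower()

def _under(path, roots):
    return any(_norm(path).startswith(root + "\\") for root in roots)

def sideload_findings(events):
    """Flag image loads by a watched host running from an unexpected directory.
    Events are dicts keyed like Sysmon Event ID 7: Image, ImageLoaded, Signed."""
    findings = []
    for ev in events:
        host = ntpath.basename(_norm(ev["Image"]))
        if host not in EXPECTED_DIRS or _under(ev["Image"], EXPECTED_DIRS[host]):
            continue  # not a watched binary, or running from its normal home
        host_dir = ntpath.dirname(_norm(ev["Image"]))
        same_dir = ntpath.dirname(_norm(ev["ImageLoaded"])) == host_dir
        if same_dir and ev.get("Signed") == "false":
            rule = "relocated host loads unsigned DLL from its own folder"
        elif same_dir:
            rule = "relocated host loads DLL from its own folder"
        else:
            rule = "watched host runs outside its install directory"
        findings.append({"host": host, "rule": rule, "dll": ev["ImageLoaded"]})
    return findings

# Constructed sample events (not taken from the report or any real incident).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\1.0.0.0\identity_helper.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": r"C:\Users\Public\demo\identity_helper.exe",
     "ImageLoaded": r"C:\Users\Public\demo\example.dll", "Signed": "false"},
    {"Image": r"C:\Users\Public\demo\vmnat.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll", "Signed": "true"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\user32.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for finding in sideload_findings(SAMPLE_EVENTS):
        print(finding)
```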

    JanelaRAT employs string encryption and sleep periods to evade detection and analysis. According to the researchers, JanelaRAT is a heavily modified version of the BX RAT Trojan, which was released in 2014.

    One of the malware's new features is the ability to intercept the titles of open windows and send them to the attackers after registering with the C2 server. JanelaRAT also monitors mouse movements and keystrokes, takes screenshots, and collects system metadata.

    "JanelaRAT only includes a subset of BX RAT features." According to the researchers, "the developer did not implement shell command execution or file and process manipulation functions."

    An examination of the malware's source code revealed strings in Portuguese, indicating that the author at least speaks the language. However, Portuguese is widely spoken not only in Portugal but also by the majority of people in a dozen other countries, so accurately identifying the attacker's country is difficult.

    VirusTotal received the malicious VBScript used in the attack primarily from Chile, Colombia, and Mexico.

    "The use of original or modified RATs is a common practice among Latin American attackers," the researchers note. "JanelaRAT's focus on collecting financial data, as well as the method of extracting window titles, highlights its targeted and secretive nature."

    Author DeepWeb