
New JanelaRAT Malware Campaign Targets Latin American Bank Users


AI-generated from multiple sources. Verify before acting on this reporting.

MEXICO CITY — A sophisticated malware campaign known as JanelaRAT is actively targeting online banking users across Latin America, security researchers confirmed on Saturday. The remote access trojan, detected in early April 2026, is designed to facilitate financial fraud and enable real-time manipulation of infected machines.

The threat actors behind the JanelaRAT campaign have deployed the malicious software to compromise banking credentials and intercept transactions. The malware operates by establishing a persistent connection to the victim's device, allowing attackers to monitor user activity and execute commands remotely. This capability enables the perpetrators to manipulate banking sessions in real time, potentially altering transaction details or approving unauthorized transfers without the user's knowledge.

The campaign has been identified in multiple countries throughout the region, with a particular focus on financial institutions in Brazil, Mexico, and Colombia. The malware spreads primarily through phishing emails and compromised websites that lure users into downloading malicious attachments or visiting infected pages. Once installed, JanelaRAT integrates deeply into the operating system, evading standard detection mechanisms.

Security experts warn that the sophistication of JanelaRAT represents a significant escalation in cybercrime tactics targeting the region. Unlike previous iterations of similar malware, this version includes advanced features designed to bypass security software and maintain stealth. The attackers appear to be leveraging social engineering techniques to increase the success rate of their campaigns, tailoring messages to specific banking customers and financial sectors.

Financial institutions in the affected countries are urging customers to remain vigilant and adopt enhanced security measures. Banks are advised to implement additional authentication protocols and monitor for unusual account activity. The malware's ability to manipulate sessions in real time poses a unique challenge, as traditional fraud detection systems may not flag the activity if the user appears to be authorizing the transaction.

The exact financial impact of the campaign remains unclear, as many infections go undetected until significant losses occur. Law enforcement agencies in the region are coordinating efforts to track the threat actors and disrupt the infrastructure supporting the malware. However, the anonymity provided by the internet and the cross-border nature of the attacks complicate investigation efforts.

Researchers are continuing to analyze the malware's code to identify new indicators of compromise and develop countermeasures. The evolution of JanelaRAT suggests that threat actors are adapting quickly to security defenses, requiring constant updates to protection strategies. As the campaign progresses, the potential for widespread financial disruption remains a critical concern for businesses and individuals across Latin America.

The origin of the threat actors and their specific motivations beyond financial gain have not been disclosed. Whether the campaign is linked to organized crime syndicates or state-sponsored groups remains an open question as investigations continue.