Cybersecurity experts at Kaspersky have revealed a newly updated version of the JanelaRAT malware that actively targets online banking users in Latin America. Researchers from the company’s Global Research and Analysis Team (GReAT) detected the threat, which was disguised as a harmless pixel art program. This latest iteration builds on previous campaigns, focusing on customers of large financial institutions in Brazil and Mexico.
Kaspersky also stated that JanelaRAT belongs to the family of Remote Access Trojans (RATs). It is a heavily customized successor to BX RAT, first spotted in 2014.
The creators of the malware have long focused on Latin American victims involved in banking, fintech and cryptocurrency services. Attackers do this through a multi-step process that typically starts with phishing messages.
These emails often contain archive files with malicious Visual Basic Script (VBS) components.
Once opened, the malware installs itself using a technique known as DLL sideloading, allowing it to run silently in the background.
What makes the new variant particularly dangerous is its ability to hijack live banking logins instead of stealing passwords.
The Trojan constantly monitors the victim’s screen activity. It takes action when it detects a banking website or application window.
Attackers can display a custom full-screen overlay image that closely mimics the legitimate bank interface or even a Windows system screen.
This overlay blocks normal mouse and keyboard interaction while displaying fake dialogs.
These prompts may ask for passwords, one-time tokens, or multi-factor authentication codes. Other tricks include fake loading animations or full-screen “Windows update” alerts designed to distract users and prevent them from noticing the scam.
The malware also cleverly adapts to multi-monitor setups, resizing its layers and hiding legitimate windows to maintain the illusion.
It monitors user routines, waiting for moments of inactivity before initiating remote commands.
These commands include taking screenshots, recording keystrokes, simulating mouse clicks, and even shutting down the system if necessary. All data is sent back to the attackers via encrypted channels, giving them real-time control.
According to Kaspersky’s 2025 telemetry, the campaign attempted 14,739 attacks in Brazil and 11,695 in Mexico.
These figures show a continued focus on the region’s growing digital banking sector.
Maria Isabel Manjarez, a security researcher at Kaspersky GReAT, noted that the group behind JanelaRAT continues to improve both the malware and its distribution methods.
The latest changes add multiple communication paths, deeper system monitoring, and advanced anti-detection features that help it evade banking security tools.
Users must stay alert to protect themselves. They need to train themselves to avoid opening unexpected email attachments or files received via messaging applications. Additionally, enabling the display of file extensions in Windows settings can help detect suspicious files ending in .exe, .vbs, or .scr.
A suitable security solution with real-time protection is as important as skepticism towards seemingly urgent bank or store notifications. Individuals can reduce the risk of falling victim to these financial attacks by staying alert and using the most up-to-date defenses against online threats when interacting with various applications.
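The advice above about archived attachments and file extensions can be automated at the mail gateway or help desk. The following is an added example, not code from Kaspersky or from the article: it lists the members of a ZIP attachment without extracting it and flags names ending in the extensions the article mentions. The decoy-extension list, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions named in the article; extend this set to match local policy.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}
# Assumption: document-style extensions often used as the visible decoy part.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_member(name: str) -> list[str]:
    """Return the reasons an archive member name looks risky (empty if none)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.vbs. " is still a .vbs file.
    base = base.rstrip(". ").lower()
    suffixes = ["." + part for part in base.split(".")[1:]]
    reasons = []
    if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
        reasons.append(f"risky extension {suffixes[-1]}")
        # With extensions hidden, "invoice.pdf.vbs" is displayed as "invoice.pdf".
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTENSIONS:
            reasons.append(f"double extension {suffixes[-2]}{suffixes[-1]}")
    return reasons


def scan_archive(data: bytes) -> dict[str, list[str]]:
    """Map each flagged member of a ZIP archive to its reasons, without extracting."""
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = classify_member(info.filename)
            if reasons:
                flagged[info.filename] = reasons
    return flagged


def build_sample_archive() -> bytes:
    """Constructed sample: placeholder contents, only the member names matter."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("docs/statement.pdf", b"placeholder")
        archive.writestr("docs/Invoice.PDF.vbs", b"placeholder")
        archive.writestr("viewer.scr. ", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_archive(build_sample_archive()).items():
        print(f"{member!r}: {', '.join(reasons)}")
```

The check works on names only, so it complements rather than replaces content scanning by a security product.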





