JanelaRAT an Advanced Banking Trojan Targeting Financial Users

JanelaRAT is an evolving Remote Access Trojan targeting financial users in Latin America using multi-stage infection chains, phishing and DLL sideloading to steal banking and cryptocurrency data while employing evasion, persistence and interactive techniques to bypass security controls.

Pulse ID: 69e48460c771926e0e7231bc
Pulse Link: https://otx.alienvault.com/pulse/69e48460c771926e0e7231bc
Pulse Author: cryptocti
Created: 2026-04-19 07:29:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #CyberSecurity #InfoSec #LatinAmerica #OTX #OpenThreatExchange #Phishing #RAT #RemoteAccessTrojan #SideLoading #Trojan #bot #cryptocurrency #cryptocti

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns

BlueVoyant researchers have uncovered a broad, multi-pronged phishing campaign targeting Spanish-speaking users in organizations across Latin America and now Europe as well. While recent industry intelligence heavily documented attacks utilizing WhatsApp to deliver banking trojans under the umbrella of the Brazil-based eCrime group Augmented Marauder (a.k.a. Water Saci)

Pulse ID: 69cd1d262a834decd25abb14
Pulse Link: https://otx.alienvault.com/pulse/69cd1d262a834decd25abb14
Pulse Author: AlienVault
Created: 2026-04-01 13:27:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #Brazil #CyberSecurity #Europe #InfoSec #LatinAmerica #OTX #OpenThreatExchange #Phishing #Trojan #WhatsApp #bot #AlienVault

🚨 Alert: The new #EternidadeStealer is using WhatsApp to spread malicious files to steal banking and crypto data from users. Watch out and don’t open unexpected attachments, plus verify messages from contacts.

Read: https://hackread.com/eternidade-stealer-whatsapp-steal-banking-data/

#CyberSecurity #Malware #WhatsApp #BankingTrojan #InfoSec

New Eternidade Stealer Uses WhatsApp to Steal Banking Data

📰 Herodotus Android Malware Mimics Human Typing to Bypass Biometric Security

🤖 New "Herodotus" Android banking trojan mimics human typing to bypass biometric security! Sold as MaaS, it takes over devices to steal from banking & crypto apps. Active in Italy & Brazil. #Android #Malware #BankingTrojan #MobileSecurity

🔗 https://cyber.netsecops.io/articles/herodotus-android-malware-mimics-human-typing-to-evade-detection/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Herodotus Android Malware Mimics Human Typing to Bypass Biometric Security

The Herodotus Android banking trojan, a new MaaS offering, evades behavioral biometric detection by mimicking human typing patterns to conduct fraudulent transactions.

CyberNetSec.io

Android malware alert: Mobdro Pro IP TV + VPN installs Klopatra banking Trojan, compromising devices and banking credentials.

More info: https://www.technadu.com/fake-vpn-spreads-malware-targeting-android-banking-accounts/611164/

#AndroidSecurity #CyberSecurity #BankingTrojan #MobileSecurity #VPN #TechNadu

ERMAC V3.0's source code leak reveals a crafty banking trojan overlaying fake forms on trusted apps—and its glaring vulnerabilities could reshape cyber defenses. How safe are your apps?

https://thedefendopsdiaries.com/unveiling-ermac-v30-a-deep-dive-into-the-android-malware-source-code-leak/

#ermacv3
#androidmalware
#cybersecurity
#bankingtrojan
#malwareanalysis

Unveiling ERMAC V3.0: A Deep Dive into the Android Malware Source Code Leak

Explore the ERMAC V3.0 Android malware leak, revealing its sophisticated banking trojan tactics and infrastructure vulnerabilities.

The DefendOps Diaries

Mekotio banking trojan resurges in Latin America, targeting financial systems. Delivered via phishing emails, it steals banking credentials, captures screenshots, logs keystrokes, and maintains persistence. Primarily affecting Brazil, Chile, Mexico, Spain, and Peru, Mekotio employs sophisticated social engineering tactics. Users should practice email security and verify sender identities to mitigate risks.

#Mekotio #BankingTrojan #CyberSecurity #PhishingAttacks #FinancialFraud #GeneratedByAI

https://www.trendmicro.com/en_us/research/24/g/mekotio-banking-trojan.html

Mekotio Banking Trojan Threatens Financial Systems in Latin America

We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we'll provide an overview of the trojan and what it does.

Trend Micro

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

Grandoreiro banking trojan is back, targeting 1,500+ banks in 60+ countries. It now uses infected Outlook to spread phishing emails.

The Hacker News

Kaspersky describes the new banking trojan, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection (exploiting bugs in the Android manifest extraction and parsing procedure). They describe the features and functionality for SoumniBot. Its success is due to insufficiently strict validations in the Android manifest parser code. IOC provided. 🔗 https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/

#SoumniBot #IOC #threatintel #bankingtrojan #malware

SoumniBot: the new Android banker's unique techniques

We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.

Kaspersky