VulnHub

Real-time Cybersecurity News

JanelaRAT: a financial threat targeting users in Latin America

Securelist
Actively Exploited
MalwareTrojanKaspersky

Overview

Kaspersky's GReAT team has reported on a new campaign involving JanelaRAT, a type of remote access trojan that specifically targets financial information from users in Latin America. This malware is designed to steal sensitive data, including banking credentials, by infecting victims' devices through a series of sophisticated techniques. The infection process and the functionality of the malware have both been updated, making it more dangerous than previous versions. This campaign is particularly concerning as it highlights the ongoing risks to financial security for users in the region, especially given the rise of online banking and digital transactions. Users in Latin America need to be aware of this threat and take steps to protect their financial information.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Users in Latin America, financial institutions, banking systems
  • Action Required: Users should ensure their antivirus software is up to date, avoid clicking on suspicious links, and be cautious with unsolicited emails or messages.
  • Timeline: Newly disclosed

Original Article Summary

Kaspersky GReAT experts describe the latest JanelaRAT campaign detailing infection chain and malware functionality updates.

Impact

Users in Latin America, financial institutions, banking systems

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should ensure their antivirus software is up to date, avoid clicking on suspicious links, and be cautious with unsolicited emails or messages.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware, Trojan, Kaspersky.

Read Original Article

Related Coverage

New Booking.com data breach forces reservation PIN resets

BleepingComputer

Booking.com has reported a data breach involving unauthorized access to its systems, which has compromised sensitive reservation and user data. The company is urging affected users to reset their reservation PINs as a precautionary measure. This incident raises significant concerns for travelers who use the booking platform, as the exposed data could potentially be used for fraudulent activities. Booking.com has not disclosed the exact number of users affected or the specific data that was accessed, but the breach underscores the ongoing risks associated with online booking systems. Users are advised to monitor their accounts for any suspicious activity and to take steps to secure their information.

Apr 13, 2026

On Anthropic’s Mythos Preview and Project Glasswing

Schneier on Security

Anthropic has introduced a new AI model called Claude Mythos Preview, which has raised concerns in the cybersecurity community due to its potential for cyberattack capabilities. To mitigate these risks, Anthropic is not releasing the model to the public and has initiated Project Glasswing. This project aims to test the model against a variety of software—both public and proprietary—to identify and fix vulnerabilities before they can be exploited by malicious actors. The focus on preemptively addressing weaknesses highlights the growing intersection of AI technology and cybersecurity. As AI models become more advanced, the potential for misuse increases, making it crucial for companies to stay ahead of potential threats.

Apr 13, 2026

Mirax Android Trojan Turns Devices Into Residential Proxy Nodes

Infosecurity Magazine

Security researchers have identified a new Android banking trojan called Mirax, which is targeting users across Europe. This malware utilizes a method known as Malware-as-a-Service (MaaS) to infect devices, allowing cybercriminals to gain remote access and turn affected smartphones into residential proxy nodes. By doing this, attackers can route their malicious activities through the compromised devices, making it harder to trace their actions back to them. This poses a significant risk to users, as their personal data and banking information could be at risk. The emergence of Mirax highlights ongoing vulnerabilities in mobile security and the need for users to remain vigilant against such threats.

Apr 13, 2026

Booking.com Says Hackers Accessed User Information

SecurityWeek

Booking.com has reported that hackers gained access to user information, although the company has not disclosed how many customers were affected. They have stated that the situation has been contained, but specifics about the type of data compromised remain unclear. This incident raises concerns for users who may have shared sensitive booking details on the platform. Protecting user data is crucial for maintaining trust in online services, especially in industries like travel where personal information is frequently exchanged. Booking.com will likely need to assess its security measures to prevent future breaches and reassure customers about their data safety.

Apr 13, 2026

The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

BleepingComputer

A new infostealer called 'Storm' has emerged, capable of hijacking user sessions by decrypting data on the server side rather than locally. This technique allows attackers to bypass traditional security measures like passwords and multi-factor authentication (MFA). Researchers from Varonis have demonstrated how the infostealer sends sensitive browser data directly to the attackers' servers, raising significant concerns about user privacy and account security. The implications are serious, as organizations relying on standard security protocols may find themselves vulnerable to these sophisticated attacks. Companies should be vigilant and assess their security measures to protect against this evolving threat.

Apr 13, 2026

BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings

SecurityWeek

Recent allegations suggest that Microsoft is engaging in corporate espionage through its LinkedIn browser extension, raising concerns about user privacy. However, security researchers are analyzing these claims and have found mixed results regarding the extent of data collection by the extension. While some users are worried about their information being tracked or misused, the research indicates that the data collection practices may not be as invasive as initially claimed. This debate over LinkedIn's data handling practices is crucial as it could impact user trust and privacy standards across similar platforms. Understanding the reality behind these accusations is important for users who rely on LinkedIn for networking and job opportunities.

Apr 13, 2026