Users in Latin America (LATAM) are the target of a financial malware called
JanelaRAT that's capable of capturing sensitive information from compromised Microsoft Windows systems.
"JanelaRAT mainly targets financial and cryptocurrency data from LATAM bank and financial institutions," Zscaler ThreatLabz researchers Gaetano Pellegrino and Sudeep Singh
said, adding it "abuses DLL side-loading techniques from legitimate sources (like VMWare and Microsoft) to evade endpoint detection."
The exact starting point of the infection chain is unclear, but the cybersecurity company, which discovered the campaign in June 2023, said the unknown vector is used to deliver a ZIP archive file containing a Visual Basic Script.