Zscaler team discover threat actor targeting LATAM FinTechs

Zscaler ThreatLabz are conducting further analysis into a new malware, JanelaRAT, which is stealing financial and cryptocurrency data in LATAM

Cloud cybersecurity company Zscaler has released information on a cyber threat that is targeting FinTech users within Latin America (LATAM). 

The malware, which the company has named JanelaRAT, is described as a repurposed variant of BX Rat. It aims to harvest LATAM financial data and is capable of capturing sensitive information from Microsoft Windows systems.

Zscaler has described JanelaRAT as a “significant threat” that combines multiple tactics, including DLL side-loading, dynamic C2 infrastructure and a multi-stage style of attack.

Financial institutions continually targeted by cybercriminals to exploit data

Zscaler, whose stated goal is to accelerate enterprise digital transformation, works to strengthen security postures from all angles. It seeks to prevent cyber threats and data breaches by providing users with fast and reliable zero trust connectivity.

The malware was first identified in June 2023 by Zscaler and primarily targets financial and cryptocurrency data from banks and financial institutions within LATAM. The threat actor appears to speak Portuguese, as the malware strings and metadata analysed by Zscaler are often written in that language.

The developer’s capabilities are considerable: a window-title sensitivity mechanism allows the malware to capture the titles of open windows and send them to the attackers, so that activity in banking or cryptocurrency applications can be identified. In addition, JanelaRAT has a dynamic socket configuration system designed to support its targeted collection of sensitive data.

JanelaRAT is also designed to be highly evasive, making it a challenge to combat. Zscaler describes in its analysis how it abuses DLL side-loading, loading its malicious code through legitimate executables from vendors such as VMware and Microsoft in order to avoid detection by endpoint security tools.

It also uses a self-protection mechanism to reduce the risk of detection: every five seconds, the malware checks the time elapsed since the last input event on the infected system (measured from system start). If this exceeds 10 minutes, the malware transitions into an idle state, where it stays silent and does not expose suspicious behaviour. For defenders, this means that sandboxes and analysis environments that do not simulate user input may never observe the malware’s active behaviour.

All things considered, Zscaler believes that this malware is a new strain of BX Rat.

Cyber threats are continually on the rise worldwide, with some of the highest numbers on record. As well as traditional malware techniques, threat actors are also turning to more extreme measures to extort information or money from their victims.

Financial organisations are increasingly targeted by cyber crime. One of the more prevalent examples of a cyber breach in 2023 is the hack on Revolut, in which US$20m was stolen. Due to the sophistication of the attack, the company failed to notice it over a period of several months.

This type of malware speaks to the importance of cybersecurity companies like Zscaler continuing to assist businesses with data protection and new up-to-date ways to protect valuable digital information.


For more insights into the world of Technology - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.
