Zscaler team discover threat actor targeting LATAM FinTechs

Zscaler ThreatLabz are conducting further analysis into a new malware, JanelaRAT, which is stealing financial and cryptocurrency data in LATAM

Cloud cybersecurity company Zscaler has released information on a cyber threat that is targeting FinTech users within Latin America (LATAM). 

The malware, which the company has named JanelaRAT, is described as a repurposed BX Rat variant. It aims to harvest LATAM financial data and is capable of capturing sensitive information from Microsoft Windows systems.

Zscaler has described JanelaRAT as a “significant threat” that operates using multiple tactics, including DLL side-loading, dynamic C2 infrastructure and a multi-stage attack chain.

Financial institutions continually targeted by cybercriminals to exploit data

Aiming to accelerate enterprise digital transformation, Zscaler aims to strengthen security postures from all angles. It works to prevent all types of cyber threats and data breaches by providing users with fast and reliable zero trust connectivity.

The malware was first identified in June 2023 by Zscaler and primarily targets financial and cryptocurrency data from banks and financial institutions within LATAM. It has become clear that the threat actor speaks Portuguese, as the malware strings and metadata analysed by Zscaler are often written in that language.

The malware is complex, with a window-title sensitivity mechanism that captures window title data and sends it to the attackers. In addition, JanelaRAT has a dynamic socket configuration system, designed to be both strategic and effective at extracting sensitive data.

JanelaRAT is also designed to be highly evasive, making it a challenge to combat. Zscaler describes in its analysis how it abuses DLL side-loading, using legitimate binaries from vendors such as VMware or Microsoft, in order to evade endpoint detection.
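A detection heuristic for the side-loading pattern just described, added here as an illustration and not Zscaler's code: it flags a signed vendor binary that loads an unsigned (or differently signed) DLL from outside the vendor's own directories. The Sysmon-style ImageLoad records and the process-signer lookup are constructed sample data.

```python
"""Flag DLL side-loading candidates in Sysmon-style ImageLoad (Event ID 7)
records. Added example; events and signer lookup below are constructed."""
import ntpath

# Vendors whose signed binaries are commonly abused as side-loading hosts
TRUSTED_VENDORS = {"Microsoft Corporation", "VMware, Inc."}

# Locations from which a legitimate vendor binary normally loads its DLLs
TRUSTED_DLL_ROOTS = (r"c:\windows\system32", r"c:\windows\syswow64",
                     r"c:\program files", r"c:\program files (x86)")

# Constructed lookup of host-process signer (in practice taken from Sysmon
# Event ID 1 or from Authenticode verification of the host binary)
PROCESS_SIGNER = {
    r"c:\program files\vmware\vmware tools\vmtoolsd.exe": "VMware, Inc.",
    r"c:\users\alice\appdata\local\temp\vmtoolsd.exe": "VMware, Inc.",
    r"c:\users\alice\downloads\msapp.exe": "Microsoft Corporation",
}

def side_load_reason(event):
    """Return why an ImageLoad event looks like side-loading, or None."""
    host = event["Image"].lower()
    dll = event["ImageLoaded"].lower()
    host_signer = PROCESS_SIGNER.get(host)
    if host_signer not in TRUSTED_VENDORS:
        return None                      # host is not a trusted vendor binary
    if dll.startswith(TRUSTED_DLL_ROOTS):
        return None                      # DLL comes from a protected location
    if event.get("Signed", "false").lower() != "true":
        return (f"unsigned DLL {ntpath.basename(dll)} loaded by {host_signer} "
                f"binary from {ntpath.dirname(dll)}")
    if event.get("Signature") != host_signer:
        return (f"DLL {ntpath.basename(dll)} signed by {event.get('Signature')} "
                f"loaded by {host_signer} binary outside vendor directories")
    return None

def scan(events):
    """Return (event, reason) pairs worth an analyst's attention."""
    return [(ev, r) for ev in events if (r := side_load_reason(ev))]

# Constructed sample telemetry: one benign load, two side-loading candidates
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe",
     "ImageLoaded": r"C:\Program Files\VMware\VMware Tools\vmtools.dll",
     "Signed": "true", "Signature": "VMware, Inc."},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\vmtoolsd.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\vmtools.dll",
     "Signed": "false", "Signature": ""},
    {"Image": r"C:\Users\alice\Downloads\msapp.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\msapp_helper.dll",
     "Signed": "true", "Signature": "Acme Test Signer"},
]
```

Run `scan(SAMPLE_EVENTS)` to see the two flagged loads; the vendor list and trusted roots are the knobs to tune for a given estate.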

It also uses a self-protection mechanism to reduce the risk of detection: every five seconds, the malware compares the system uptime with the time of the last input event on the infected system. If more than 10 minutes have passed since that input, the malware transitions into an idle state, where it stays silent and exposes no suspicious behaviour.

All things considered, Zscaler believes that this malware is a new strain of BX Rat.

Cyber threats are continually on the rise worldwide, with some of the highest numbers on record. As well as traditional malware techniques, threat actors are also turning to more extreme measures to extort information or money from their victims.

Financial organisations are increasingly targeted by cyber crime. One of the more prominent examples of a breach in 2023 is the hack on Revolut, in which US$20m was stolen. Due to the sophistication of the attack, the company failed to notice the theft for several months.

This type of malware speaks to the importance of cybersecurity companies like Zscaler continuing to assist businesses with data protection and new up-to-date ways to protect valuable digital information.
