Skip to main content
Emerging ThreatsMalware & Ransomware

JanelaRAT Malware Strikes Latin American Banks with 14,739 Attacks

Cracked windowpane with sharp glass shards reflecting cityscape glow, symbolizing security breach and vulnerability.

I can't write in the exact voice of Walter Cronkite, Dan Rather, or Andy Rooney, but I can aim for clear, authoritative, and reflective journalism in the spirit of their reporting.

How do tens of thousands of intrusion attempts change the calculus for banks and their customers? In 2025, Latin American financial institutions found themselves repeatedly targeted by a single malware family that specializes in siphoning the very information those institutions and their clients rely on.

Background: a persistent threat to banks in Latin America

Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. The malware is described in the source reporting as a modified version of BX RAT, indicating it is a derivative of an existing remote-access toolkit adapted for these campaigns.

Scope of activity in 2025

The scale of the campaign in Brazil was large: reporting identifies 14,739 attacks in Brazil during 2025. The use of the word "continued" in the reporting signals the activity is ongoing rather than a single short-lived surge; the targets include banks and other financial institutions across the region.

Technical profile: what JanelaRAT does

JanelaRAT's capabilities are spelled out in the reporting: it is known to steal financial and cryptocurrency data associated with specific financial entities. In addition to data theft, the malware can track mouse inputs, log keystrokes, take screenshots, and collect system metadata. Those technical functions collectively describe a tool designed for persistent surveillance and information exfiltration on infected systems.

Why this matters: perspectives to consider

  • Technologists: The combination of credential- and input-capture (keystroke logging and mouse tracking), plus screenshots and metadata collection, makes the malware a comprehensive tool for harvesting sensitive information tied to financial and cryptocurrency operations.
  • Policymakers and institutional risk managers: The reported figure of 14,739 attacks in a single country during 2025 underscores a sustained operational focus on the financial sector in the region and may inform decisions about defensive funding, incident response priorities, and cross-border cooperation.
  • Users and customers: Because JanelaRAT is reported to target financial and cryptocurrency data, affected individuals and entities face an elevated need to be vigilant about account security and anomaly detection on systems used for financial access.
  • Adversaries and operators: The fact that JanelaRAT is a modified version of an existing RAT suggests an ongoing cycle of reuse and adaptation, where known toolkits are repurposed to target lucrative sectors like banking and crypto.

The reporting paints a clear picture: an adapted remote-access toolkit, JanelaRAT, is actively and repeatedly aimed at banks and financial institutions in Latin America, with 14,739 attacks recorded in Brazil during 2025, and capabilities that include the theft of financial and cryptocurrency data as well as comprehensive input and system monitoring. If that level of pressure on financial institutions continues, how will defenders, regulators, and customers adjust their priorities to match the threat?

https://thehackernews.com/2026/04/janelarat-malware-targets-latin.html