Janeleiro, the time traveler: A new old banking trojan in Brazil

ESET Research uncovers a new threat that targets organizations operating in various sectors in Brazil



ESET Research has been tracking a new banking trojan that has been targeting corporate users in Brazil since 2019, affecting many verticals, including engineering, healthcare, retail, manufacturing, finance, transportation, and government.


This new threat, which we named Janeleiro, attempts to deceive its victims with pop-up windows designed to look like the websites of some of the biggest banks in Brazil. These pop-ups contain fake forms, aiming to trick the malware’s victims into entering their banking credentials and personal information that the malware captures and exfiltrates to its C&C servers. Janeleiro follows exactly the same blueprint for the core implementation of this technique as some of the most prominent malware families targeting the region: Casbaneiro, Grandoreiro, Mekotio, Amavaldo, and Vadokrist, among others.


In contrast to those well-known malware families, Janeleiro is written in Visual Basic .NET, a big deviation from the Delphi programming language that threat actors in the region have favored for years. Janeleiro has been evolving toward giving its operators more control: to manipulate and adjust its fake pop-up windows based on what they need to pull off the attack, to send mouse clicks and keystrokes, and to record user input and the screen in real time. The nature of these types of attack is not characterized by their au ..
