JanelaRAT Malware Launches 14,739 Attacks on Brazilian Banks

Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. A modi

Financial institutions across Latin America are facing an escalating threat from JanelaRAT, a sophisticated malware variant that has emerged as a significant cybersecurity challenge in the region. Brazil has been hit particularly hard, experiencing over 14,700 attacks in 2025 alone, with Mexico also reporting substantial targeting by the malicious software.

JanelaRAT, a derivative of the BX RAT malware family, has been engineered specifically to compromise banking and financial services operations. The threat goes beyond simple credential theft—the malware is designed to capture sensitive financial and cryptocurrency data tied to specific financial institutions, giving attackers direct access to valuable assets and customer information.

JanelaRAT's capabilities extend far beyond basic data harvesting. Security researchers have identified that it employs multiple invasive techniques to maintain persistent access and extract intelligence from compromised systems. The malware monitors mouse movements in real time, records all keyboard inputs, captures screenshots of user activity, and harvests critical system metadata that can be leveraged for further attacks or sold on underground markets.

The targeted nature of these attacks suggests a well-organized threat actor group with detailed knowledge of Latin American banking infrastructure. Rather than deploying indiscriminate attacks, the operators behind JanelaRAT focus specifically on major financial entities, indicating either state-sponsored activity or highly motivated cybercriminal organizations with specialized expertise in the financial sector.

Financial institutions in the region are urged to implement enhanced endpoint detection and response systems, conduct regular security awareness training for staff, and deploy advanced threat intelligence platforms capable of identifying JanelaRAT signatures. The sheer volume of attacks—particularly the concentration in Brazil—demonstrates that traditional security measures may prove insufficient against this threat.

As Latin American banks continue strengthening their defenses, security experts emphasize the importance of rapid threat intelligence sharing between institutions and collaboration with regional cybersecurity agencies to combat this persistent menace.

Editorial note: This article represents original analysis and commentary by the TechDailyPulse editorial team.