
JanelaRAT: a financial threat targeting users in Latin America

ID: fc4cb3d2-a32a-522b-b07e-166c70f9dc02

STIX ID: report--fc4cb3d2-a32a-522b-b07e-166c70f9dc02

Feed Name: Securelist by Kaspersky

Threat Score: 80/100

Date Published: 2026-04-13

Date Updated: 2026-04-29

Author: GReAT


JanelaRAT is an actively evolving banking-targeted RAT used in large malspam campaigns against Latin American users, notably in Brazil and Mexico. It uses MSI droppers and DLL sideloading to persist and execute a .NET backdoor. The backdoor performs real-time session hijacking via full-screen overlays, input injection, keylogging and screenshot exfiltration, and it relies on dynamic (date-rotating) C2 channels along with anti-analysis and obfuscation techniques. Telemetry shows thousands of infections. The report includes technical behavior, persistence details, mitigation advice (block DDNS), and IOCs.
