Peeling back Banana RAT.
ID: f22f325c-2b0b-584c-9f90-739153f2beef
STIX ID: report--f22f325c-2b0b-584c-9f90-739153f2beef
Feed Name: The CyberWire
Trend Micro MDR uncovered the full operation behind Banana RAT (SHADOW-WATER-063), a sophisticated banking trojan targeting Brazilian banks. It uses fileless PowerShell, layered obfuscation, and remote-control functionality to steal credentials, manipulate sessions, and intercept Pix QR payments. The campaign appears to be operated by a Brazilian Portuguese-speaking group linked to the Tetrade ecosystem and may be shifting toward a malware-as-a-service model.
