What is JanelaRAT and how does it infect computers?

JanelaRAT is a financial Trojan targeting LATAM banks via phishing emails with fake invoices, leading to MSI droppers that sideload the malware for persistence and data theft.

Is JanelaRAT only a threat to Latin America?

Primarily yes, but its techniques—like DLL sideloading and browser detection—could easily adapt for global targets, especially crypto users worldwide.

How can I protect against JanelaRAT?

Verify emails, use MFA on banks, run updated antivirus, avoid unsolicited downloads—simple habits block 90% of these chains.

🦠 Ransomware & Malware

JanelaRAT: LATAM Bank Thieves' Window into Your Wallet [Analysis]

Imagine clicking a 'pending invoice' email, only for it to pry open your banking app like a digital crowbar. JanelaRAT is hitting LATAM hard, turning your PC into a thief's playground.

CVE Watch Apr 14, 2026 4 min read

Digital window cracking open to reveal banking interfaces and malware code

⚡ Key Takeaways

JanelaRAT uses MSI droppers and DLL sideloading for stealthy persistence on Windows systems. 𝕏
Custom browser title detection targets LATAM banks and crypto, enabling real-time fraud. 𝕏
Evolving chains with obfuscation show threat actors outpacing basic detection tools. 𝕏
Similar to Conficker's spread, it risks global expansion beyond Latin America. 𝕏