JanelaRAT: A Financial Threat Targeting Users in Latin America

    Date: 04/15/2026

    Severity: High

    Summary

    JanelaRAT is a malware family named after the Portuguese word “janela,” meaning “window.” It is a modified variant of BX RAT that has been active since June 2023 and targets financial and cryptocurrency data belonging to customers of selected banks and institutions in Latin America. Unlike BX RAT, it uses a custom window title bar detection method to recognise when specific websites are open in the victim’s browser. Its operators frequently change the infection chain and update the malware with new features.

    Indicators of Compromise (IOC) List

    Domains/URLs:

    ciderurginsx.com

    Hashes (MD5):

    808c87015194c51d74356854dfb10d9e

    d7a68749635604d6d7297e4fa2530eb6

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1 (network indicator):

    domainname like "ciderurginsx.com" or url like "ciderurginsx.com" or siteurl like "ciderurginsx.com"

    Detection Query 2 (file hash indicator):

    md5hash IN ("d7a68749635604d6d7297e4fa2530eb6","808c87015194c51d74356854dfb10d9e")
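    The two queries above replayed over constructed log events, as an added example that is not code from Gurucul or from the page. It assumes one JSON object per log line with optional domainname, url, siteurl and md5hash fields (field names taken from the queries; the event format itself is an assumption). Two practical details the raw queries leave open are handled here: the domain check is done on the extracted host so that subdomains of the IOC domain and mixed-case URLs also match, while a look-alike such as notciderurginsx.com does not, and the MD5 comparison is case-insensitive because some sources log hashes in upper case.

```python
"""Replay the JanelaRAT IOC checks over sample log events.

Added example; not part of the Gurucul page or the Securelist report.
Event format (JSON per line, fields domainname/url/siteurl/md5hash)
is an assumption; adapt the field names to your own telemetry.
"""
import json
from urllib.parse import urlsplit

# IOCs taken from the advisory above.
IOC_DOMAINS = {"ciderurginsx.com"}
IOC_MD5 = {
    "808c87015194c51d74356854dfb10d9e",
    "d7a68749635604d6d7297e4fa2530eb6",
}

# Fields the network query inspects.
DOMAIN_FIELDS = ("domainname", "url", "siteurl")


def extract_host(value):
    """Return the lowercase host from a bare domain or a full URL, or None."""
    if not value:
        return None
    value = value.strip().lower()
    if "://" not in value:
        # Bare host, possibly with a port or path; urlsplit needs a scheme
        # separator to treat the leading component as the network location.
        value = "//" + value
    return urlsplit(value).hostname


def domain_matches(host, iocs=IOC_DOMAINS):
    """True when host equals an IOC domain or is a subdomain of one."""
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in iocs)


def check_event(event):
    """Return a list of (rule, field, value) hits for one event dict."""
    hits = []
    for field in DOMAIN_FIELDS:
        host = extract_host(event.get(field))
        if domain_matches(host):
            hits.append(("janelarat_domain", field, event[field]))
    md5 = (event.get("md5hash") or "").strip().lower()
    if md5 in IOC_MD5:
        hits.append(("janelarat_hash", "md5hash", event["md5hash"]))
    return hits


def scan_log(lines):
    """Return [(line_number, hit), ...] for matching events; skip non-JSON lines."""
    results = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: ignore rather than abort the scan
        for hit in check_event(event):
            results.append((n, hit))
    return results


# Constructed sample events (not real telemetry).
SAMPLE_LOG = [
    '{"siteurl": "https://CIDERURGINSX.com/update/win.zip", "host": "pc-01"}',
    '{"domainname": "cdn.ciderurginsx.com", "host": "pc-02"}',
    '{"md5hash": "D7A68749635604D6D7297E4FA2530EB6", "path": "C:/Users/a/AppData/Local/Temp/x.dll"}',
    '{"url": "https://notciderurginsx.com/", "host": "pc-03"}',
    '{"md5hash": "00000000000000000000000000000000"}',
    "this line is not json",
]

if __name__ == "__main__":
    for line_no, (rule, field, value) in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {rule} via {field}={value}")
```

Running the script reports hits on the first three sample lines only: the mixed-case URL, the subdomain, and the upper-case hash. The look-alike domain and the unrelated hash produce nothing, which is the behaviour to confirm in your own platform before relying on a plain `like` comparison.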

    Reference:  

    https://securelist.com/janelarat-financial-threat-in-latin-america/119332/    


    Tags

    Malware, RAT, Financial Services, Latin America, Portugal, cryptocurrency
