The Janeleiro banking trojan is back with new capabilities and has started attacking new victims.
According to sources, researchers recently discovered the banking trojan targeting corporations in Brazil. Janeleiro gained popularity in early 2018 but went underground thereafter. However, it is now being used again to launch campaigns to steal funds from banks.
Janeleiro banking trojan returns
According to an advisory published by ESET, Janeleiro has been involved in multiple cyberattacks since its inception. Reports claim that the trojan is widely used to attack various sectors and doesn’t follow a linear path.
While the trojan has previously attacked the healthcare, engineering, retail, finance, and manufacturing sectors, the new version explicitly targets banking institutions and government authorities in Brazil.
Janeleiro shares similarities with popular banking trojans of the underground markets, such as Casbaneiro and Grandoreiro, as highlighted in the ESET advisory. In one instance, researchers found that the trojan was written in .NET rather than Delphi, which is more commonly used.
The trojan is delivered through phishing emails that contain links to compromised servers and to a .zip archive hosted in the cloud. A big part of why the trojan successfully infiltrates big companies is its clever way of fooling victims.
When the victim unzips the archive file, the main trojan DLL is loaded via a Windows-based MSI installer. The trojan then checks the geolocation of the machine's IP address and exits if it is not in Brazil. Once the check succeeds, the trojan collects operating system information and fetches the address of its command-and-control server from a dedicated GitHub page.
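For defenders, the sequence described above (installer-launched code, an IP geolocation lookup, a fetch from GitHub, then traffic to a new destination) can be hunted for in DNS or proxy telemetry. The following Python detector is an added example, not code from ESET or from the original article; the event format, the list of geolocation services, the time window and all sample hostnames are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed values, not from the article: which services count as IP geolocation
# lookups, and which hostnames serve GitHub-hosted content.
GEO_SERVICES = {"ip-api.com", "ipinfo.io"}
GITHUB_SUFFIXES = ("github.com", "githubusercontent.com", "github.io")
WINDOW = timedelta(minutes=5)

# Constructed DNS-query telemetry: (timestamp, host, pid, parent image, queried name)
EVENTS = [
    ("2023-01-10T09:00:01", "WS-014", 4312, "msiexec.exe", "ip-api.com"),
    ("2023-01-10T09:00:03", "WS-014", 4312, "msiexec.exe", "example-org.github.io"),
    ("2023-01-10T09:00:09", "WS-014", 4312, "msiexec.exe", "c2.example.net"),
    ("2023-01-10T09:02:00", "WS-020", 988, "explorer.exe", "github.com"),
    ("2023-01-10T09:05:00", "WS-031", 2210, "msiexec.exe", "ip-api.com"),
    ("2023-01-10T09:30:00", "WS-031", 2210, "msiexec.exe", "example-org.github.io"),
]

def classify(name):
    """Label a queried hostname as a geo lookup, GitHub content, or anything else."""
    name = name.lower().rstrip(".")
    if name in GEO_SERVICES:
        return "geo"
    if any(name == s or name.endswith("." + s) for s in GITHUB_SUFFIXES):
        return "github"
    return "other"

def find_chains(events):
    """Return (host, pid, destination) for each msiexec-spawned process that does
    geo lookup -> GitHub fetch -> other destination, in order, within WINDOW."""
    state, hits = {}, []
    for ts, host, pid, parent, name in sorted(events):
        if parent.lower() != "msiexec.exe":
            continue
        when, kind, key = datetime.fromisoformat(ts), classify(name), (host, pid)
        stage, start = state.get(key, (0, when))
        if stage and when - start > WINDOW:
            stage, start = 0, when  # chain went stale; start over
        if stage == 0 and kind == "geo":
            state[key] = (1, when)
        elif stage == 1 and kind == "github":
            state[key] = (2, start)
        elif stage == 2 and kind == "other":
            hits.append((host, pid, name))  # candidate C2 destination to triage
            state.pop(key)
        else:
            state[key] = (stage, start)
    return hits
```

On the constructed events only WS-014 is reported: WS-020 is not installer-spawned, and WS-031 reaches GitHub long after the window has expired.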
Why are banking trojans a threat to society?
Banking trojans are malware designed to steal sensitive financial information, such as login credentials for online bank accounts and credit card numbers. These types of threats can be extremely harmful to both individuals and organizations because they can result in the loss of significant amounts of money.
In addition to the financial impact, these attacks can also have other consequences, such as damaging an individual’s or organization’s reputation and causing a loss of trust in online financial transactions.
Banking trojans can also facilitate other types of cybercrimes, such as ransomware attacks or the theft of sensitive data. Overall, these types of threats can have serious consequences for both individuals and society as a whole.