top of page

Rust-Based VENON Malware Targets 33 Brazilian Banks

A newly discovered malware campaign is targeting customers of 33 banks in Brazil. The malware, known as VENON malware, is designed to steal banking credentials and sensitive financial information from victims.

According to a report published by The Hacker News, VENON is a banking trojan that operates on the Microsoft Windows operating system. The malware monitors online banking activity and attempts to capture login credentials when users access financial services.


Rust-Based VENON Malware
Rust-Based VENON Malware - Source: The Hacker News

Rust-Based Malware: A Growing Trend

One notable aspect of VENON is that it is developed using the Rust programming language.

In recent years, Rust has increasingly been used in malware development due to its performance advantages, memory safety features, and the added difficulty it presents for security analysts attempting to reverse engineer malicious code.

Historically, many banking trojans in the Latin American region were written in Delphi. The shift toward Rust suggests that cybercriminals are adapting their development techniques to evade traditional detection methods.


How the VENON Malware Works

Once installed on a victim’s system, the VENON malware performs several malicious actions designed to steal banking credentials, including:

  • Monitoring active banking application windows

  • Displaying fake banking overlays to trick users into entering login credentials

  • Capturing sensitive data such as usernames, passwords, and account information

This overlay technique is commonly used by banking trojans because it allows attackers to intercept credentials while users are interacting with legitimate banking services.


sơ đồ mô tả toàn bộ chuỗi tấn công (attack chain) của VENON malware
Diagram illustrating the entire attack chain of VENON malware - Source: The Hacker News.

Infection Chain

Security researchers indicate that the VENON campaign typically begins with social engineering tactics that trick users into downloading malicious files.

The attack chain may include the following steps:

  1. Victims download a malicious ZIP archive

  2. A PowerShell script executes to retrieve additional payloads

  3. Attackers use DLL side-loading to execute the malware

  4. The VENON trojan is installed and begins monitoring the system


Increasingly Sophisticated Malware

The emergence of VENON highlights a broader trend in the cybersecurity landscape: malware is being developed with more advanced technologies and increasingly sophisticated techniques.

Researchers have also suggested that parts of the malware code may have been generated or assisted by AI tools, indicating that cybercriminals are leveraging modern technologies to accelerate malware development.

Although the current campaign primarily targets users in Brazil, security experts warn that similar techniques could be adopted in other regions worldwide.


Security Recommendations

To reduce the risk of infection from banking trojans and other forms of malware, users and organizations should:

  • Avoid downloading files from untrusted sources

  • Keep operating systems and security software up to date

  • Use endpoint protection and security monitoring solutions

  • Be cautious when opening suspicious email attachments or links


Comments


follow ipsip vietnam.png
40051abd5a76713af8f015988fc6780e-blue-phone-icon-with-a-wave-on-it.webp
whatsapp-mobile-software-icon-png-image_6315991.png
pngtree-minimal-calendar-icon-vector-png-image_21233134.png
IPSIP logo transparent.png

IPSIP VIETNAM ONE MEMBER LIMITED LIABILITY COMPANY (IPSIP VIETNAM OMLLC)

Tax code: 0313859600

🏢 SH05.01, B4 Street, Saritown Area, An Khanh Ward, Ho Chi Minh City, Vietnam

​☎  +84 918 397 489

  • Linkedin
  • Facebook
  • TikTok
  • Email liên hệ
png-clipart-iso-iec-27001-information-security-management-iso-iec-27002-international-orga
soc 2 type ii

Our Services

Sign up to receive in-depth cybersecurity documents and news from IPSIP Vietnam.

bottom of page