Rust-Based VENON Malware Targets 33 Brazilian Banks
- Thanh Hoang

- Mar 13
- 2 min read
A newly discovered malware campaign is targeting customers of 33 banks in Brazil. The malware, known as VENON malware, is designed to steal banking credentials and sensitive financial information from victims.
According to a report published by The Hacker News, VENON is a banking trojan that operates on the Microsoft Windows operating system. The malware monitors online banking activity and attempts to capture login credentials when users access financial services.

Rust-Based Malware: A Growing Trend
One notable aspect of VENON is that it is developed using the Rust programming language.
In recent years, Rust has increasingly been used in malware development due to its performance advantages, memory safety features, and the added difficulty it presents for security analysts attempting to reverse engineer malicious code.
Historically, many banking trojans in the Latin American region were written in Delphi. The shift toward Rust suggests that cybercriminals are adapting their development techniques to evade traditional detection methods.
How the VENON Malware Works
Once installed on a victim’s system, the VENON malware performs several malicious actions designed to steal banking credentials, including:
Monitoring active banking application windows
Displaying fake banking overlays to trick users into entering login credentials
Capturing sensitive data such as usernames, passwords, and account information
This overlay technique is commonly used by banking trojans because it allows attackers to intercept credentials while users are interacting with legitimate banking services.

Infection Chain
Security researchers indicate that the VENON campaign typically begins with social engineering tactics that trick users into downloading malicious files.
The attack chain may include the following steps:
Victims download a malicious ZIP archive
A PowerShell script executes to retrieve additional payloads
Attackers use DLL side-loading to execute the malware
The VENON trojan is installed and begins monitoring the system
Increasingly Sophisticated Malware
The emergence of VENON highlights a broader trend in the cybersecurity landscape: malware is being developed with more advanced technologies and increasingly sophisticated techniques.
Researchers have also suggested that parts of the malware code may have been generated or assisted by AI tools, indicating that cybercriminals are leveraging modern technologies to accelerate malware development.
Although the current campaign primarily targets users in Brazil, security experts warn that similar techniques could be adopted in other regions worldwide.
Security Recommendations
To reduce the risk of infection from banking trojans and other forms of malware, users and organizations should:
Avoid downloading files from untrusted sources
Keep operating systems and security software up to date
Use endpoint protection and security monitoring solutions
Be cautious when opening suspicious email attachments or links
References: Ravie Lakshmanan (2026), Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays










Comments