A new banking malware, codenamed VENON, has been discovered targeting users in Brazil. Written in Rust, this variant marks a significant shift from the Delphi-based malware commonly seen in the region. VENON exhibits behaviors similar to established banking trojans like Grandoreiro and Mekotio, including banking overlay logic and active window monitoring, as reported by The Hacker News.

VENON, first identified last month by Brazilian cybersecurity company ZenoX, infects Windows systems and employs a sophisticated infection chain involving DLL side-loading. It uses social engineering tactics, likely through ZIP archives delivered via PowerShell scripts, to trick users into execution. The malware incorporates nine evasion techniques, such as anti-sandbox and AMSI bypasses, before establishing a WebSocket connection to its command-and-control server.

It specifically targets 33 financial institutions and digital asset platforms by replacing legitimate shortcuts for applications like Itaú with malicious ones to steal credentials through fake overlays. An earlier version of the malware, dated January 2026, revealed developer paths referencing the username "byst4." The malware's code structure shows signs of potential AI assistance in its development, ZenoX said.

Source: The Hacker News
Malware, Security Operations
New Rust-based banking malware ‘VENON’ targets Brazilian users




