
"The Rust code structure presents patterns suggesting a developer familiar with the capabilities of existing Latin American banking trojans, but who used generative AI to rewrite and expand these functionalities in Rust, a language that requires significant technical experience to use at the observed level of sophistication."
"What makes VENON notable is that it shares behaviors that are consistent with established banking trojans targeting the region, such as Grandoreiro, Mekotio, and Coyote, specifically when it comes to features like banking overlay logic, active window monitoring, and a shortcut (LNK) hijacking mechanism."
"VENON is distributed by means of a sophisticated infection chain that uses DLL side-loading to launch a malicious DLL. It's suspected that the campaign leverages social engineering ploys like ClickFix to trick users into downloading a ZIP archive containing the payloads by means of a PowerShell script."
VENON is a Windows-targeting banking malware discovered last month and codenamed by Brazilian cybersecurity firm ZenoX. Written in Rust, it represents a departure from the typical Delphi-based malware of the Latin American cybercrime ecosystem. The malware exhibits behaviors consistent with established banking trojans such as Grandoreiro, Mekotio, and Coyote, including banking overlay logic, active window monitoring, and an LNK hijacking mechanism. An earlier version from January 2026 exposed development paths referencing the username "byst4," and the code patterns suggest the developer used generative AI to rewrite existing trojan functionality in Rust. VENON is distributed through a sophisticated infection chain that uses DLL side-loading together with social engineering tactics like ClickFix. Upon execution, it performs nine evasion techniques, including anti-sandbox checks, indirect syscalls, ETW bypass, and AMSI bypass, before initiating its malicious actions.
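As an added defensive example (not code from the article, from ZenoX, or from the malware itself), the following PowerShell audit enumerates the shortcuts a user actually clicks on and flags those whose target or arguments no longer look like a normal application launch, which is the residue a shortcut (LNK) hijacking technique leaves behind on a host. The search roots, the list of trusted install directories, and the regular expressions are assumptions chosen for illustration, not details of how VENON operates.

```powershell
# Added example: audit user-facing .lnk files for signs of shortcut hijacking.
# Everything below (folders, trusted roots, patterns) is an assumption, not VENON-specific.

$shell = New-Object -ComObject WScript.Shell

# Locations where a hijacked shortcut would be visible to the user (assumed set).
$searchRoots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('Programs'),        # per-user Start Menu\Programs
    [Environment]::GetFolderPath('CommonPrograms'),  # all-users Start Menu\Programs
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar')
) | Where-Object { $_ -and (Test-Path $_) }

# Directories a legitimate application shortcut is normally expected to resolve into.
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) | Where-Object { $_ }

function Test-TrustedTarget {
    param([string]$Target)
    foreach ($root in $trustedRoots) {
        if ($Target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$findings = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk       = $shell.CreateShortcut($_.FullName)
        $target    = [Environment]::ExpandEnvironmentVariables($lnk.TargetPath)
        $arguments = [string]$lnk.Arguments
        $reasons   = @()

        # 1. Target resolves into a user-writable location (AppData, Temp, Public, ...).
        if ($target -and -not (Test-TrustedTarget $target)) {
            $reasons += "target outside Program Files/Windows: $target"
        }
        # 2. A shortcut that presents itself as an application launches a script host
        #    or interpreter instead.
        if ($target -match '(?i)\\(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?$') {
            $reasons += "target is a script host/interpreter: $target"
        }
        # 3. Argument string carries an encoded or download-and-run payload, or is unusually long.
        if ($arguments -match '(?i)(-enc|encodedcommand|downloadstring|iex|frombase64)' -or $arguments.Length -gt 200) {
            $reasons += "suspicious or unusually long arguments ($($arguments.Length) chars)"
        }
        # 4. Icon borrowed from one executable while a different one is launched.
        $icon = ($lnk.IconLocation -split ',')[0]
        if ($icon -and $target -and $icon -match '\.exe$' -and
            ([IO.Path]::GetFileName($icon) -ne [IO.Path]::GetFileName($target))) {
            $reasons += "icon taken from $icon but launches $target"
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Shortcut = $_.FullName
                Target   = $target
                Args     = $arguments
                Modified = $_.LastWriteTime
                Reasons  = ($reasons -join '; ')
            }
        }
    }
}

# Most recently modified shortcuts first: a fresh modification time on a long-standing
# shortcut is itself worth a second look.
$findings | Sort-Object Modified -Descending | Format-Table -AutoSize -Wrap
```

Run it in the context of the user whose shortcuts are in question, since per-user Start Menu and taskbar pins live under that profile. Expect benign hits from per-user installers that legitimately place binaries under %LOCALAPPDATA%; the value of the audit is in the combination of reasons on one shortcut (untrusted target plus interpreter plus long arguments) and in the modification timestamp, not in any single rule.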
Read at The Hacker News