This week, we are joined by Tom Kellermann, TrendAI's VP of AI Security and Threat Research, discussing their work on "Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud." Researchers from TrendAI's MDR team uncovered the full operation behind Banana RAT, a sophisticated banking trojan they track as SHADOW-WATER-063, by analyzing both attacker infrastructure and infected victim systems.

The malware uses fileless PowerShell execution, layered obfuscation, and remote-control capabilities to steal credentials, manipulate banking sessions, intercept Pix QR code payments, and facilitate financial fraud targeting Brazilian banks. The campaign appears to be operated by a Brazilian Portuguese-speaking cybercriminal group with ties to the broader Tetrade banking malware ecosystem and may be evolving toward a malware-as-a-service model.

The research and executive brief can be found here:

⁠Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud

Learn more about your ad choices. Visit megaphone.fm/adchoices

Podden och tillhörande omslagsbild på den här sidan tillhör N2K Networks. Innehållet i podden är skapat av N2K Networks och inte av, eller tillsammans med, Poddtoppen.