HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Banana RAT Malware Delivered via Fake Invoices Compromises Customers of 16 Brazilian Banks

A coordinated campaign is using counterfeit invoices and spoofed security‑update screens to spread the Banana RAT trojan to customers of 16 Brazilian banks, stealing credentials and exploiting QR‑code fraud. The threat highlights the need for robust third‑party risk controls around banking interactions.

LiveThreat™ Intelligence · 📅 May 20, 2026· 📰 hackread.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
hackread.com

Banana RAT Malware Delivered via Fake Invoices Compromises Customers of 16 Brazilian Banks

What Happened – A campaign using counterfeit invoices and spoofed security‑update screens has been distributing the Banana RAT remote‑access trojan to customers of 16 major Brazilian banks. The malware harvests credentials and payment data, often leveraging QR‑code fraud to exfiltrate funds.

Why It Matters for TPRM

  • Third‑party banking portals are being weaponised, exposing your organisation’s employees and clients to credential theft.
  • Successful QR‑fraud can result in direct financial loss and reputational damage for any business that processes payments through the affected banks.
  • The attack demonstrates how supply‑chain‑adjacent vectors (invoices, update prompts) can bypass traditional perimeter controls.

Who Is Affected – Financial Services (retail banking), customers of the 16 Brazilian banks, and any third‑party vendors that integrate with those banking APIs or payment flows.

Recommended Actions

  • Review contracts and security questionnaires for any banking partners operating in Brazil.
  • Enforce multi‑factor authentication for all banking‑related logins and educate users on verifying invoice authenticity.
  • Deploy email and web‑gateway anti‑phishing controls that can detect malicious QR codes and fake update screens.

Technical Notes – The payload is the Banana RAT trojan, delivered via malicious Microsoft Office documents and HTML pages masquerading as security updates. Attackers embed QR codes that redirect victims to phishing sites that capture credentials. No public CVE is associated; the vector relies on social engineering rather than a software flaw. Source: HackRead

📰 Original Source
https://hackread.com/banana-rat-malware-fake-invoices-16-brazilian-banks/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

Data exposure is where consent and DSAR readiness get tested.

When personal data leaks, regulators ask what consent you held and how fast you can answer a subject request. The Verisq AI Trust Operations platform, with CookiePLUS, keeps that posture audit-ready under GDPR and CCPA.

Explore the Verisq AI Trust Operations platform →