CyberWire Daily - Peeling back Banana RAT. [Research Saturday]
Episode Date: June 20, 2026
This week, we are joined by Tom Kellermann, Trend Micro's VP of AI Security and Threat Research, discussing their work on "Inside SHADOW-WATER-063's Banana RAT: From Build Server to Banking Fraud." ...Researchers from Trend Micro's MDR team uncovered the full operation behind Banana RAT, a sophisticated banking trojan they track as SHADOW-WATER-063, by analyzing both attacker infrastructure and infected victim systems. The malware uses fileless PowerShell execution, layered obfuscation, and remote-control capabilities to steal credentials, manipulate banking sessions, intercept Pix QR code payments, and facilitate financial fraud targeting Brazilian banks. The campaign appears to be operated by a Brazilian Portuguese-speaking cybercriminal group with ties to the broader Tetrade banking malware ecosystem and may be evolving toward a malware-as-a-service model. The research and executive brief can be found here: Inside SHADOW-WATER-063's Banana RAT: From Build Server to Banking Fraud
Transcript
You're listening to the Cyberwire Network, powered by N2K.
Hello everyone and welcome to the CyberWire's Research Saturday. I'm Dave Bittner,
and this is our weekly conversation with researchers and analysts tracking down the threats and
vulnerabilities, solving some of the hard problems and protecting ourselves in our rapidly evolving
cyberspace. Thanks for joining us.
We've been following some of the significant Brazilian cybercrime cartels for a while,
and SHADOW-WATER-063 is one of them. And as a result, we recognize this as a very elegant payload,
which had the capacity to bypass bank security mechanisms as well as payment system mechanisms.
That's Tom Kellermann, VP of AI Security and Threat Research at Trend Micro.
The research we're discussing today is titled Inside SHADOW-WATER-063's Banana RAT: From Build Server to Banking Fraud.
Now, one of the things that caught my eye
in this research, most incident responders will see one side of an attack. But in this case,
you all recovered both the attacker infrastructure and the victim's side of the malware.
Is it unusual to have that breadth of view into something like this?
Not any longer.
In the last few years, we've invested heavily in our MDR and IR practice,
which is global in nature as well.
And so that complements our threat research community within Trend AI,
where we can cover both sides of the spectrum,
and that's one reason why we are partners with Interpol
through the Fusion Center in Singapore.
Gotcha.
Well, before we dig into some of the technical elements here,
describe for us what exactly Banana RAT is and what they're up to.
Well, what I found fascinating about SHADOW-WATER's payload here is that, you know, essentially
they targeted 16 Brazilian financial institutions and crypto exchanges with this. The lure came
through WhatsApp. It would download a malicious batch file. It was polymorphic in nature,
staged in delivery in memory, and they had encrypted command and control. The malware used layered
obfuscation techniques like AES-wrapped payloads and fileless PowerShell, and it bypassed most EDR and
MDR capabilities of some of the banks that weren't using our technologies. Most importantly, though,
I'd say this, the RAT allowed for full remote fraud and surveillance of the victim. So real-time screen
streaming, bank-aware overlay injection, QR and Pix transaction manipulation, continuous logging to enable
interactive credential theft, as well as proximity settings to pick up ambient noise.
And from the financial sector perspective, it underscores what I learned years ago when I was
at the World Bank, which is the Brazilian cyber cartels are highly sophisticated because of a historical
reason, which I find interesting.
And I think it might be important for your audience to hear this.
Brazil and Argentina went through hyperinflation back in the 80s and 90s.
And as a result, they moved to the American dollar.
And the World Bank and IMF then began connecting those banks in Brazil, like Bradesco and Itaú, to the internet first.
And so they were first movers in electronic finance.
And as a result, Brazilian organized crime got into hacking because money was digital far earlier than in many of the other Latin American countries' organized crime populations.
No, that's a really interesting insight. I was not aware of that detail.
Let's dig into the attack itself.
How does a victim first encounter this malware and what happens?
So essentially they would receive a phishing URL via WhatsApp or through traditional email.
And immediately the malware would operationalize through a payload generation and stage delivery in memory.
And what they would see would basically be the branding of the bank that they're using on their screen
that said there was a security update that was needed in order to ensure that their device
and their banking transactions would be secure.
And once they essentially clicked on that,
they had full and complete control.
Can you describe for us what is the breadth of the control that they have here?
What were the capabilities?
Like I was describing, you know,
they have a banking-aware overlay injection.
They can real-time screen, stream,
everything that's being shown and visualized by the operator.
They had QR and Pix transaction manipulation capabilities
and advanced key logging.
I would say that of all the major cybercrime cartels
hunting the financial sector,
this is one of the better ones.
Definitely in the top five, I'd say in the world,
this SHADOW-WATER-063 group.
The best ones, though, are definitely Russians.
And we really should underscore
that the majority of successful attacks
against financial institutions
are leveraged by a cadre of Russian cybercrime cartels,
like Void Rabisu, Laundry Bear,
Evil Corp and Void Balaur.
Well, let's talk about the server-side tooling here.
What did you all discover about the attacker's infrastructure?
Well, I thought it was interesting that their malicious C2 infrastructure is still active
and publicly accessible over port 80, exposing a number of endpoints
used for payload staging.
And it was very much symbolic of the fact that this is a Brazilian cartel in nature.
And I would say that, once again,
I've never seen such a sophisticated attack
leveraged by these groups before
because of the way that they obfuscated
through memory injection,
and as well as that, they used different forms
of encryption to essentially overlay
and ensure that their obfuscated payloads
were wrapped.
You describe a polymorphic build system.
Can you describe for our listeners what that means?
Yeah, the stages of attack were built, literally from reconnaissance, the delivery to lateral movement,
not just on the obfuscation stages of lateral movement, but also in terms of bypassing traditional EDR technologies.
And so we were very impressed.
But I'm concerned now because of the scourge of banking fraud that's occurring across South America
and how that's increasing in nature where you're seeing connective tissue between Brazilian cybercrime cartels and Russian cybercrime cartels.
And there's more and more collaboration and cooperation going on than ever seen before between
these groups, which we didn't include in this report.
We will be covering some of that in a Modern Bank Heists report that we'll be putting out
later on this summer.
So, I guess, I mean, obviously generating a unique payload for every victim really complicates
detection efforts.
That definitely does.
And they've learned from the defensive countermeasures put in place by the financial
institutions.
And I also thought it was intriguing that they were using WhatsApp as a delivery
mechanism.
I would say in the long one, what can be done best here is that we really need to advance
the nature of continuous threat hunting within banking infrastructure.
And that the large-scale payment systems of the world, especially in Brazil,
need to pay much closer attention to how they're defending themselves from within.
With AI and then the utility of AI by adversaries in today's world, it just allows them to
automate and orchestrate campaigns in real time in a continuous fashion, as you well know.
And so everyone should just kind of view AI as a dormant C2, a dormant command and control.
If you're not securing your AI infrastructure, you should just assume that it's going to be
compromised and used against you at some point.
Now, you describe the analytics dashboard that the attackers were using here.
What did that reveal about how these operators were managing their campaigns?
Well, in a very distributed fashion, frankly, and what became most concerning to me was the nature in which that they continued to conduct secondary infections, which is going to be coming out in a secondary report.
It really reminded me of the mechanisms and tactics used by Laundry Bear, if you're familiar, or Evil Corp back in the day.
Well, so I think a lot of folks think of malware as being automated.
How much was this campaign automated,
or how much was driven by a remote human operator in real time?
I think it was a blend of both.
But what's concerning to me now
is you're seeing the jailbreaking of LLMs to abuse them
and misuse them is becoming more pernicious.
And one thing that we're going to be revealing studies on soon
is the fact that steganography is making a comeback
in some of these communities.
You're well aware of what steganography
is, but the invisible prompt injections that can allow for steganography to be leveraged through
essentially photos or video files is becoming more and more pernicious. And it really does allow
for that secondary C2 to be on a sleep cycle. I think going forward as a community, we need to
start paying attention to two things, one of which is AI should always be considered essentially
a C2 unless you're actively securing it. And then most importantly that steganography and
secondary forms of command and control that are on sleep cycles are the future, much like we saw
in the past from like an espionage level of attacks, whether it was APT 29 or Turla, who pioneered
the use of steganography decades ago. I think that's becoming mainstream. And I'd love to hear
more from you. Have you actually interviewed anyone recently to discuss stego or the use of stego or
how AI enabled stego is becoming problematic? Because I would love to hear from them and their
research as well. Yeah, you know, I haven't spoken to anyone specifically, recently about
steganography, really since we leapt into this new AI world. What I was thinking of, as you
were describing it, actually, it was a story earlier this week about some folks who were
hiding their command and control in ASCII art, of all things.
That's brilliant. Yeah, right?
If I may, that's sexy.
That's what I'm talking about.
It's kind of retro, right?
It's retro, but it works.
No, it's definitely quite interesting.
And, you know, the banks in general are also being challenged by the fact that, you know,
authorization and two-factor authentication are being bypassed by deepfake technology.
In the upcoming Modern Bank Heists study that we're going to be releasing in August,
we're really looking at trends of deeper forms of e-fraud, fraud
that hasn't really been appreciated before.
As you and I both know,
the most valuable information
at a financial institution isn't necessarily
the wire transfer fraud.
It's the non-public market information.
So we're trying to get our heads around
whether or not you're seeing a trend
of digital front-running,
you know, attacks that are meant to steal
material non-public market information
or even manipulate that information.
One thing that was discovered years ago,
that a number of us in the financial sector noticed,
which I think is going to become more pronounced this year,
is the construct of shoxing.
Shoxing is when you literally,
you hack a financial institution,
you maintain persistence in those systems,
you basically then short their stock,
and then you dox their non-public material market information
to the regulators about a week later,
and then to the press.
We'll be right back.
So you're shorting and doxing.
I think different forms of market manipulation because of these advanced forms of persistence,
as illustrated by Banana RAT and others, this type of RAT could be used for a multitude of things
that go far beyond just wire transfer fraud.
And that's what's concerning here.
I think the lesson learned here is that, A, please don't underestimate the cybercrime cartels
of Latin America, particularly the Brazilian ones.
And B, what else can be done with that level of persistence
from a financial fraud perspective, a market manipulation perspective,
even an island hopping perspective, as I would call it,
where the institution's own infrastructure is now being used to attack their customers and constituency.
And that has already been realized in Brazil previously,
where one of their major payment systems was compromised by a group that I'm not going to name here on this interview,
and that payment system was then in turn used to attack customers and institutions throughout Brazil.
That's how significant this type of community is.
And when you start thinking about the access brokerage market, right, the access minors of the world, sharing, selling, and manipulating that access to people who do understand the financial sector and the interdependencies therein, that becomes quite interesting as well.
So I hope to be able to speak to you when my report comes out, but we're doing a deep dive of both interviews with 50 CISOs in the financial sector, but also our own threat research to understand exactly what's going on.
And our threat research is going to focus on what we consider to be the top tier cybercrime cartels,
but also more importantly, much like we're discussing today,
the forms of persistence that have evolved because of AI,
much like, you know, Banana RAT and stego, as we discussed.
Well, Tom, just so I'm clear here,
where do you place Brazil in terms of being on the leading edge of these sorts of threats?
In other words, you mentioned how Brazil, by necessity, due to their inflation situation,
was ahead of the game compared to most of the world.
Is that true today?
Are they a canary in the coal mine, if you will?
So, great question.
And I forgot one part of that story that I should have shared.
When the country moved to the dollar and also migrated to electronic finance first in Latin America
because of the World Bank and IMF, they also gave out laptops to all the children's
schools.
Laptops they couldn't take home, but laptops they could use at schools.
So they're dealing with hyperinflation, right?
They got e-finance.
All these kids are learning computer science in schools much quicker than their neighboring
countries.
And so you basically created a population that had skills but didn't have any
gainful opportunities and legitimate jobs to go to.
So that's when the burgeoning cybercrime economy of Brazil began back in the early 2000s.
So where?
So I would put this group, specifically this group, as like the number six, I would say, of a cybercrime cartel that is specifically targeting the financial sector.
Again, I just want to be specific for the financial sector.
The other top players are Void Rabisu, Laundry Bear, Void Balaur, and Evil Corp, all of which are Russian.
And they've always been the best.
But don't count the Brazilians out.
We're doing a lot of research there since we're the largest security vendor in Latin America,
and we're really trying to tie that knot
to really look at the entire cognitive attack loop,
as I'll call it,
from MDR through IR, through threat intelligence,
to see both ends of the attack.
And that's why I'm privileged to be able to speak to you today.
But I would just, I would demand more from all of us in the community
to start looking for that C2 on a sleep cycle.
And remember that these types of RATs,
they could just be a hearkening of what's to come.
The report spends a good amount of time discussing Pix QR code interception.
I think that that might be a new term for folks outside of Brazil.
Can you explain to us what Pix is and why it was an important element here?
Pix, for them, it's a way of conducting transactions through their wire transfer payment systems.
And so it is, it's important if you attempt to actually infiltrate the wire transfer systems in Brazil.
I think much more needs to be done by SWIFT and other entities that govern the security standards of wire transfer of systems around the world in improving their level of security and understanding these types of threat dynamics.
I am hoping that at the FS-ISAC conference that's coming up in October, is it, in Austin, that much more attention is being paid to some of these nuanced issues.
I just, again, this highlights the knowledge that this group, that this crew, that this cybercrime cartel, SHADOW-WATER-063, already has of the interdependencies in the financial sector.
And you can't assume your adversaries don't really understand your business.
You have to presume that security through obscurity is over.
And I think AI enhances the level of reconnaissance and capabilities of even miscreants that are ignorant to the industry.
that they can easily, easily get sped up on any form of business
and any form of transaction patterns.
Well, let's talk about SHADOW-WATER-063.
What was the evidence that led you to associate that operation
with Brazilian Portuguese-speaking operators?
Social engineering scripts,
a near-verbatim match for the lure language used by different campaigns
that we've seen leveraged by these groups,
the command and control infrastructure itself,
the knowledge that they had of the Brazilian financial sector,
the specific campaign domain that they use,
Compete Mondial at 2026,
and just some of the TTPs, as illustrated,
that they had used before.
I mean, there are only a handful of groups in Brazil
that are operating at this level.
I would say in Latin America,
the other significant cybercrime groups,
are more than likely, you know, based in Colombia and Mexico.
Sometimes it's hard to tell because of the Spanish-speaking community,
but I think it's easier with the Portuguese community
to understand where they're coming from.
Yeah.
Well, I mean, I think at the end of the day, ultimately,
the folks out there who are doing the blocking and tackling
want to know, how do I defend against this?
You know, that's most important for them to do their job.
But then I think secondarily to that, or perhaps lateral to that, is the inner workings of it
so that they can better understand it and then apply that knowledge more broadly as perspective,
as insight into the greater ecosystem of what's going on and try to inform their larger, broader
defense. Does that make sense? Yeah, I'd say from a larger, broader defense,
I'd say based on all of the different myriad of actors that we've been studying here at Trend AI,
there's really five things that are necessary in '26.
They're quintessentially important.
One is, I'd say, you've got a baseline detections for AI tells,
like emoji in binary strings or foreign slang in English content.
And dashes.
You really need to embrace virtual patching now,
because there's no way you're going to be able to wait for all the patches to come out,
given the velocity and the surge of zero days out there.
I think attack path mapping needs to be conducted regularly internally,
but also when you view your attack paths,
you should be looking at your attack paths in a bidirectional flow, right?
If an adversary had a footprint or a hold within your system,
how could they leverage your infrastructure to attack your constituency?
Because that is the worst-case scenario.
And most of these cyber crime cartels, that's exactly what their goal is.
It's one thing to break into your house.
If I can break into your house, then hit all your neighbor's houses like that show, what's it called, friends and neighbors, it'll work perfectly.
I'm joking, but not joking.
You got to threat hunt continuously.
Can you use AI to enhance threat hunting for a myriad of behavioral anomalies in infrastructure?
I mean, just assume compromise.
And then lastly, kind of treat all AI
agents as a C2 channel until you've learned how to create a governance structure that's adequate,
until you can put some guardrails on it.
I would say those are my top five takeaways for the landscape that we're in now.
But in the end, we have an entire site, TrendyEyssecurity.com.
We have an entire section on our site with updated intelligence reports with the telemetry
of the latest attacks and best practices to defend, even if you're not a customer of ours.
You can essentially go view, download, or whatever you want, scrape it,
um, on a daily basis.
I literally, I think we have at least 15 to 18 different studies coming out on a,
on a, on a weekly basis on different threat actor groups and unique new campaigns,
aside from, you know, the thousands of payloads and vulnerabilities that are released every day.
So consider us, you know, a good Samaritan here and we're trying to give back.
So that's why I'm grateful to speak to you.
Yeah, for sure.
Well, looking specifically at this
campaign, what's your advice to defenders to disrupt an operation like this?
Wow.
You know, I mean, at this point, the telemetry is already out there.
You know, the IOCs associated with this RAT.
Update your capabilities to defend against this group.
Presume WhatsApp communications are compromised.
I would really recommend people move off of WhatsApp in general.
Be able to filter in a better fashion.
Conduct more threat hunting, if you presume you might have been compromised.
If you're operating in Brazil as a major corporation or have a subsidiary there,
expect groups like this to target you with this type of unique payload and/or RAT infrastructure.
Do a much better job in your business as it relates to reverse business email compromise,
not traditional BEC, but R-BEC,
where you actually might be compromised from within the account
of the person who has the authority to transfer funds within your organization, the CFO, a deputy CFO, or whomever.
That person's account is already compromised. You should have secondary forms of out-of-band verification
for that. When it comes to stego, and I think where stego is going, because I do think,
even though it's not being used in this attack, it is a harbinger of how stego is going to be used
quickly in new forms of RATs, invisible prompt injections. So do you have the capacity
to essentially prevent prompt injection at the network level,
and can you ascertain whether or not that's occurred?
From a two-factor authentication perspective
and just an authorization perspective,
do you have the capacity to have deep fake identification
by computer vision algorithms,
because that's where this is also going next
as we see it in today's world?
And do you have query generation assistance for your XDR,
whatever platform or SIEM that you're using,
to help your security analysts move faster, react faster,
because it really bothers me as a former threat hunter
and security analyst with a World Bank back in the day.
When it happens, especially with the world of AI
where it's faster and more powerful,
do you really have the time to figure out what prompt you should be using
to understand the TTPs and IOCs in real-time?
Wouldn't it be great if you had AI assisting you
in conducting that investigation and or that front?
And then I would really stress this,
and however it sounds,
make sure that whoever you're doing business with
truly has global threat intelligence.
You can't live on an island out here.
You know, the world is global.
The greatest threat actors in cyber are overseas.
They are hunting entire industries.
They specialize in specific industries
and threats to one industry
can spread through that industry in systemic fashion
as we will depict
and describe in the Modern Bank Heists report.
Our thanks to Tom Kellermann from Trend Micro for joining us.
The research is titled Inside SHADOW-WATER-063's Banana RAT:
From Build Server to Banking Fraud.
We'll have a link in the show notes.
And that's Research Saturday, brought to you by N2K Cyberwire.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
This episode was produced by Liz Stokes.
We're mixed by Elliot Peltzman and Trey Hester.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here next time.