A new Brazilian banking Trojan has emerged, targeting government entities. The malware has allegedly been in development since 2018, according to an advisory published on Tuesday by the ESET. The malware has been named Janeleiro, and appears to be focused on Brazilian targets exclusively. The malware has targeted other entities, including those in the healthcare, engineering, retail, finance, and manufacturing sectors.

According to researchers, the new Trojan bears many similarities to others observed in Brazil such as Casbaneiro, Grandoreiro, and Mekotio. This is the first detected Trojan written in .NET however, rather than Delphi. Janeleiro is currently being utilized via a phishing campaign sent to corporate targets pretending to be unpaid invoices. The messages contain a malicious link to compromised servers. If the victim unzips the attached archive file, an installer then loads the Trojan.

Read More: Meet Janeleiro, a new banking Trojan striking company, government targets