Wednesday, May 7, 2025
HomeCyber AttackCoyote Banking Trojan Attacking Windows Users To Steal Login Details

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Published on

SIEM as a Service

Follow Us on Google News

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept and modify transactions, allowing hackers to drain bank accounts or make unauthorized purchases.

BlackBerry cybersecurity researchers recently detected that the Coyote banking trojan has been actively attacking Windows users to steal login details.

Coyote is an advanced .NET Trojan horse focusing on Brazilian financial institutions, indicating the increasing cyber hazards in Latin America.

- Advertisement - Google News

Named after its misuse of Squirrel malware, Coyote uses a unique process linked to legitimate open-source files contaminated with DLLs.

This loads the Trojan using Nim programming language to collect financial data and maintain itself in the system.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Coyote Trojan Attacking Windows Users

When this malware appeared in February 2024, it reflected the World Economic Forum’s findings on Latin America’s cybersecurity drawbacks, especially in governments and finance.

Moreover, researchers added that Coyote’s complex techniques underline threat actors’ changing strategies to expand the market in this region.

Due to the large file size, the Coyote Trojan which focuses on clients in Brazil is likely delivered through phishing links.

It has a complex infection chain includes Squirrel updates, DLL sideloading of a vulnerable Google Chrome DLL, and a Nim loader that runs the Trojan in-memory.

Before sending data to its C2 servers, it keeps watching window titles for specific targets. It can perform 24 tasks such as screenshots, displaying fake banking overlays, and keylogging.

Randomly choosing from several C2 domains, WatsonTCP is utilized by this Trojan.

Connections from Coyote banking Trojan to different C2 servers (Source – BlackBerry)

Besides this, the Coyote threat actor’s sophisticated Brazilian .NET banking Trojan has not yet been observed being sold on underground markets.

Coyote banking Trojan is a sophisticated .NET malware that targets financial institutions in Brazil and the Binance cryptocurrency exchange.

One of the ways it does this is by phishing with malicious domains or disguising its loader as a legitimate squirrel update packager.

In this respect, there’s an emerging threat in LATAM. This highlights the necessity for better security measures where advanced protection mechanisms are combined with user awareness campaigns.

To fight this growing threat and guard against the compromise of financial institutions’ reputations, it is important to adopt a multidimensional strategy that includes the integration of contemporary offerings and the development of cyber security and advanced defense mechanisms.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Severe Kibana Flaw Allowed Attackers to Run Arbitrary Code

A newly disclosed security vulnerability in Elastic’s Kibana platform has put thousands of businesses...

IT Worker from Computacenter Let Girlfriend Into Deutsche Bank’s Restricted Areas

A former information technology manager has filed a whistleblower lawsuit alleging a major security...

NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict

A federal jury in California has ordered Israeli spyware maker NSO Group to pay...

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

BFDOOR Malware Targets Organizations to Establish Long-Term Persistence

The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Popular Instagram Blogger’s Account Hacked to Phish Users and Steal Banking Credentials

A high-profile Russian Instagram blogger recently fell victim to a sophisticated cyberattack, where scammers...