Thursday, December 5, 2024
HomeCyber AttackCoyote Banking Trojan Attacking Windows Users To Steal Login Details

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Published on

SIEM as a Service

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept and modify transactions, allowing hackers to drain bank accounts or make unauthorized purchases.

BlackBerry cybersecurity researchers recently detected that the Coyote banking trojan has been actively attacking Windows users to steal login details.

Coyote is an advanced .NET Trojan horse focusing on Brazilian financial institutions, indicating the increasing cyber hazards in Latin America.

- Advertisement - SIEM as a Service

Named after its misuse of Squirrel malware, Coyote uses a unique process linked to legitimate open-source files contaminated with DLLs.

This loads the Trojan using Nim programming language to collect financial data and maintain itself in the system.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Coyote Trojan Attacking Windows Users

When this malware appeared in February 2024, it reflected the World Economic Forum’s findings on Latin America’s cybersecurity drawbacks, especially in governments and finance.

Moreover, researchers added that Coyote’s complex techniques underline threat actors’ changing strategies to expand the market in this region.

Due to the large file size, the Coyote Trojan which focuses on clients in Brazil is likely delivered through phishing links.

It has a complex infection chain includes Squirrel updates, DLL sideloading of a vulnerable Google Chrome DLL, and a Nim loader that runs the Trojan in-memory.

Before sending data to its C2 servers, it keeps watching window titles for specific targets. It can perform 24 tasks such as screenshots, displaying fake banking overlays, and keylogging.

Randomly choosing from several C2 domains, WatsonTCP is utilized by this Trojan.

Connections from Coyote banking Trojan to different C2 servers (Source – BlackBerry)

Besides this, the Coyote threat actor’s sophisticated Brazilian .NET banking Trojan has not yet been observed being sold on underground markets.

Coyote banking Trojan is a sophisticated .NET malware that targets financial institutions in Brazil and the Binance cryptocurrency exchange.

One of the ways it does this is by phishing with malicious domains or disguising its loader as a legitimate squirrel update packager.

In this respect, there’s an emerging threat in LATAM. This highlights the necessity for better security measures where advanced protection mechanisms are combined with user awareness campaigns.

To fight this growing threat and guard against the compromise of financial institutions’ reputations, it is important to adopt a multidimensional strategy that includes the integration of contemporary offerings and the development of cyber security and advanced defense mechanisms.

"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

ChatGPT Next Web Vulnerability Let Attackers Exploit Endpoint to Perform SSRF

Researchers released a detailed report on a significant security vulnerability named CVE-2023-49785, affecting the...

Cisco NX-OS Vulnerability Allows Attackers to Bypass Image Signature Verification

A critical vulnerability has been identified in the bootloader of Cisco NX-OS Software, potentially...

Deloitte UK Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data

Brain Cipher has claimed to have breached Deloitte UK and exfiltrated over 1 terabyte...

Cloudflare Developer Domains Abused For Cyber Attacks

Cloudflare Pages, a popular web deployment platform, is exploited by threat actors to host...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Deloitte UK Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data

Brain Cipher has claimed to have breached Deloitte UK and exfiltrated over 1 terabyte...

Cloudflare Developer Domains Abused For Cyber Attacks

Cloudflare Pages, a popular web deployment platform, is exploited by threat actors to host...

Weaponized Word Documents Attacking Windows Users to Deliver NetSupport & BurnsRAT

The threat actors distributed malicious JS scripts disguised as legitimate business documents, primarily in...