Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept and modify transactions, allowing hackers to drain bank accounts or make unauthorized purchases.
BlackBerry cybersecurity researchers recently detected that the Coyote banking trojan has been actively attacking Windows users to steal login details.
Coyote is an advanced .NET Trojan horse focusing on Brazilian financial institutions, indicating the increasing cyber hazards in Latin America.
Named after its misuse of Squirrel malware, Coyote uses a unique process linked to legitimate open-source files contaminated with DLLs.
This loads the Trojan using Nim programming language to collect financial data and maintain itself in the system.
Join our free webinar to learn about combating slow DDoS attacks, a major threat today.
When this malware appeared in February 2024, it reflected the World Economic Forum’s findings on Latin America’s cybersecurity drawbacks, especially in governments and finance.
Moreover, researchers added that Coyote’s complex techniques underline threat actors’ changing strategies to expand the market in this region.
Due to the large file size, the Coyote Trojan which focuses on clients in Brazil is likely delivered through phishing links.
It has a complex infection chain includes Squirrel updates, DLL sideloading of a vulnerable Google Chrome DLL, and a Nim loader that runs the Trojan in-memory.
Before sending data to its C2 servers, it keeps watching window titles for specific targets. It can perform 24 tasks such as screenshots, displaying fake banking overlays, and keylogging.
Randomly choosing from several C2 domains, WatsonTCP is utilized by this Trojan.
Besides this, the Coyote threat actor’s sophisticated Brazilian .NET banking Trojan has not yet been observed being sold on underground markets.
Coyote banking Trojan is a sophisticated .NET malware that targets financial institutions in Brazil and the Binance cryptocurrency exchange.
One of the ways it does this is by phishing with malicious domains or disguising its loader as a legitimate squirrel update packager.
In this respect, there’s an emerging threat in LATAM. This highlights the necessity for better security measures where advanced protection mechanisms are combined with user awareness campaigns.
To fight this growing threat and guard against the compromise of financial institutions’ reputations, it is important to adopt a multidimensional strategy that includes the integration of contemporary offerings and the development of cyber security and advanced defense mechanisms.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo
Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635…
A database containing over 1,000 email accounts associated with the National Health Service (NHS) has…
Researchers from Avast have uncovered a vulnerability in the cryptographic schema of the Mallox ransomware,…
A recently discovered vulnerability in Red Hat's NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity…
Tor Browser 14.0 has been officially launched. It brings significant updates and new features to…
INE Security offers essential advice to protect digital assets and enhance security. As small businesses…