Cybersecurity experts are warning the public about a new malware variant that targets sensitive banking data by abusing Microsoft technology. The Coyote malware is known for its ability to gather data effectively through Microsoft's User Interface Automation (UIA) framework.
Characteristics of the New Malware Variant
The new Coyote variant uses Microsoft's UIA framework for data collection. Akamai's security researcher, Tomer Peled, confirmed that the malware utilizes UIA in its operations, posing a significant threat to the banking sector.
"Coyote now incorporates UIA as part of its operation. Similar to other malware, Coyote searches for banking information. However, its use of UIA differentiates it from others," states Tomer Peled.
Researchers note that this version of Coyote specifically targets users in Brazil. By leveraging UIA, it aims to capture user information related to 75 different banks and cryptocurrency platforms.
"Even when offline, Coyote can perform control operations, thereby increasing the risk of identifying bank or cryptocurrency accounts and stealing login credentials," adds Tomer Peled.
Coyote Virus Family
The Coyote malware family was first detected in February 2024, primarily targeting institutions in Latin America. Designed to steal both banking and cryptocurrency information, Coyote operates through phishing overlays and keyloggers.
Squirrel, a loader, facilitates the spread of this malware, making it easier for cybercriminals to infiltrate systems. Particularly in Brazilian-targeted campaigns, Coyote has been used to deploy remote access malware.
Cybersecurity experts highlight that Coyote's use of the UIA framework allows easy parsing of target application subcomponents, automating the information collection process. The security community suggests that this new method could become a model for other malware families.
Recommendations for Enhancing Security
Coyote and similar threats present significant risks to the financial sector and digital currency exchanges. The misuse of Microsoft's UI Automation technology demands a reevaluation of existing defense mechanisms in cybersecurity. Users should only install software from reliable sources and be cautious about unknown file attachments. Organizations can mitigate risk by applying system updates promptly and educating personnel about such malware threats.
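One way to act on this from the detection side, as an added example that is not from the original article or from Akamai: UIA client programs load UIAutomationCore.dll, so image-load telemetry can surface unexpected processes using the framework. The code assumes Sysmon Event ID 7 records exported as JSON lines with the Image and ImageLoaded fields; the allowlist is hypothetical and the sample events are constructed.

```python
import json
import ntpath  # applies Windows path rules on any host OS

UIA_DLL = "uiautomationcore.dll"
# Hypothetical allowlist: processes expected to act as UIA clients here.
EXPECTED_CLIENTS = {"narrator.exe", "magnify.exe", "explorer.exe"}
# Path fragments for locations a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

# Constructed sample events (Sysmon Event ID 7 field names, invented values).
SAMPLE_EVENTS = r"""
{"EventID": 7, "Image": "C:\\Windows\\System32\\Narrator.exe", "ImageLoaded": "C:\\Windows\\System32\\UIAutomationCore.dll"}
{"EventID": 7, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe", "ImageLoaded": "C:\\Windows\\System32\\UIAutomationCore.dll"}
{"EventID": 7, "Image": "C:\\Program Files\\Vendor\\app.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"}
{"EventID": 7, "Image": "C:\\Users\\bob\\AppData\\Roaming\\explorer.exe", "ImageLoaded": "C:\\Windows\\System32\\uiautomationcore.dll"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe"}
{"EventID": 7, "Image": "C:\\trunc
"""

def find_unexpected_uia_clients(lines):
    """Map each suspicious process image to the reasons it was flagged."""
    findings = {}
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated record: skip rather than abort
        if not isinstance(ev, dict) or ev.get("EventID") != 7:
            continue  # only image-load events are relevant
        if ntpath.basename(ev.get("ImageLoaded", "")).lower() != UIA_DLL:
            continue
        image = ev.get("Image", "")
        reasons = []
        if ntpath.basename(image).lower() not in EXPECTED_CLIENTS:
            reasons.append("process not in expected UIA client list")
        # An allowlisted name running from a user-writable path is still flagged.
        if any(frag in image.lower() for frag in USER_WRITABLE):
            reasons.append("runs from user-writable path")
        if reasons:
            findings[image] = reasons
    return findings

if __name__ == "__main__":
    for image, reasons in find_unexpected_uia_clients(SAMPLE_EVENTS.splitlines()).items():
        print(f"{image}: {'; '.join(reasons)}")
```

Many legitimate programs load this DLL, so the allowlist needs to be built from a baseline of the environment before the output is useful for alerting.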
The evolution of Coyote malware emphasizes the need for increased awareness of cyber threats and improved protective measures for both users and organizations.