Security researchers are warning of a newly identified malware variant that makes use of Microsoft technology to steal bank customer data.

The cybersecurity firm Akamai Technologies says that it has confirmed the first case of a new variant of the Coyote banking trojan maliciously using Microsoft’s UI Automation (UIA) framework “in the wild.”

Says Akamai security researcher Tomer Peled,

“Coyote now leverages UIA as part of its operation. Like any other banking trojan, Coyote is hunting banking information, but what sets Coyote apart is the way it obtains this information, which involves the (ab)use of UIA.”

Peled says that the new variant is targeting Brazilian users by using UIA to “extract credentials linked to 75 banking institutes’ web addresses and cryptocurrency exchanges.”

“Coyote can perform checks, regardless of whether the malware is online or operating in an offline mode. This increases the chances of successfully identifying a victim’s bank or crypto exchange and stealing their credentials.

UIA provides several things for an attacker, including a simple solution for malware developers to parse sub-elements of another application.”

The Coyote malware family was first discovered in February 2024, when it was targeting mostly Latin America.

“Coyote is a trojan malware that employs various malicious techniques, such as keylogging and phishing overlays, to steal banking information.

It uses the Squirrel installer to propagate (hence the name ‘Coyote,’ which pays homage to the coyotes’ nature to hunt squirrels). In one of its most well-known campaigns, Coyote targeted Brazilian companies in an attempt to deploy an information stealing Remote Access Trojan within their systems.”

 

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Generated Image: Midjourney

The post New Malware Variant Taps Microsoft Technology To Steal Sensitive Bank Customer Data: Cybersecurity Researchers appeared first on The Daily Hodl.

Security researchers are warning of a newly identified malware variant that makes use of Microsoft technology to steal bank customer data.

The cybersecurity firm Akamai Technologies says that it has confirmed the first case of a new variant of the Coyote banking trojan maliciously using Microsoft’s UI Automation (UIA) framework “in the wild.”

Says Akamai security researcher Tomer Peled,

“Coyote now leverages UIA as part of its operation. Like any other banking trojan, Coyote is hunting banking information, but what sets Coyote apart is the way it obtains this information, which involves the (ab)use of UIA.”

Peled says that the new variant is targeting Brazilian users by using UIA to “extract credentials linked to 75 banking institutes’ web addresses and cryptocurrency exchanges.”

“Coyote can perform checks, regardless of whether the malware is online or operating in an offline mode. This increases the chances of successfully identifying a victim’s bank or crypto exchange and stealing their credentials.

UIA provides several things for an attacker, including a simple solution for malware developers to parse sub-elements of another application.”

The Coyote malware family was first discovered in February 2024, when it was targeting mostly Latin America.

“Coyote is a trojan malware that employs various malicious techniques, such as keylogging and phishing overlays, to steal banking information.

It uses the Squirrel installer to propagate (hence the name ‘Coyote,’ which pays homage to the coyotes’ nature to hunt squirrels). In one of its most well-known campaigns, Coyote targeted Brazilian companies in an attempt to deploy an information stealing Remote Access Trojan within their systems.”

 

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Generated Image: Midjourney

The post New Malware Variant Taps Microsoft Technology To Steal Sensitive Bank Customer Data: Cybersecurity Researchers appeared first on The Daily Hodl.