The cybersecurity landscape has witnessed the emergence of a new and sophisticated banking trojan named “Coyote,” which has been specifically targeting banking institutions in Brazil. According to reports by Kaspersky and The Hacker News, Coyote distinguishes itself by utilizing the Squirrel installer for distribution, leveraging Node.js and the Nim programming language for its infection process. This choice of tools reflects a strategic departure from more commonly used methods among banking trojans, particularly those targeting Latin American financial institutions.
Coyote’s attack chain is complex, beginning with a Squirrel installer executable that launches a Node.js application compiled with Electron. This, in turn, activates a Nim-based loader that triggers the execution of the Coyote payload through a technique known as DLL side-loading. The trojan is designed to monitor all open applications on the victim’s system, springing into action when specific banking applications or websites are accessed. Coyote’s capabilities include executing a wide array of commands such as taking screenshots, logging keystrokes, and displaying fake overlays to capture user credentials.
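A hunting heuristic for the DLL side-loading step described above, as an added example that is not taken from the Kaspersky or The Hacker News reports. It flags an unsigned DLL loaded from the process's own directory when that directory is user-writable, which is where Squirrel-installed applications normally live. The field names follow Sysmon's image-load event (Event ID 7); all paths, file names and events are constructed, and the user-writable prefixes are an assumption.

```python
from ntpath import dirname, normcase  # Windows path rules on any OS

APP = r"C:\Users\ana\AppData\Local\ExampleApp\app-1.0.0"  # constructed path
# Constructed records using Sysmon Event ID 7 field names; not real telemetry.
SAMPLE_EVENTS = [
    {"Image": APP + r"\viewer.exe", "ImageLoaded": APP + r"\helper.dll",
     "Signed": "false"},
    {"Image": APP + r"\viewer.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    # Mixed separators and case, and no Signed field at all.
    {"Image": APP + r"\viewer.exe",
     "ImageLoaded": "c:/users/ana/appdata/local/exampleapp/app-1.0.0/EXTRA.DLL"},
    {"Image": r"C:\Program Files\Vendor\tool.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\plugin.dll", "Signed": "false"},
    {"Image": r"C:\Users\ana\AppData\Local\OtherApp\app.exe",
     "ImageLoaded": r"C:\Users\ana\AppData\Local\OtherApp\ui.dll", "Signed": "true"},
]

# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")

def side_load_candidates(events):
    """Return (process, dll) pairs where an unsigned DLL was loaded from the
    process's own directory and that directory is user-writable."""
    hits = []
    for ev in events:
        # normcase lowercases and unifies separators so comparisons are stable.
        exe, dll = normcase(ev["Image"]), normcase(ev["ImageLoaded"])
        if not dll.endswith(".dll"):
            continue
        # A missing Signed field is treated as unsigned (fail closed).
        unsigned = str(ev.get("Signed", "false")).lower() != "true"
        if dirname(exe) == dirname(dll) and unsigned and exe.startswith(USER_WRITABLE):
            hits.append((ev["Image"], ev["ImageLoaded"]))
    return hits

if __name__ == "__main__":
    for proc, dll in side_load_candidates(SAMPLE_EVENTS):
        print(f"review: {proc} loaded unsigned {dll}")
```

The output is a list of candidates for analyst review, not verdicts: legitimately unsigned software installed under a user profile will also match.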
What sets Coyote apart is its use of encrypted communication with its command-and-control server and its sophisticated approach to carrying out malicious actions, including keylogging and capturing banking passwords. Kaspersky’s analysis reveals that approximately 90% of Coyote’s infections are concentrated in Brazil, highlighting the significant impact on the region’s financial cybersecurity landscape.
In response to the growing threat posed by banking trojans like Coyote, cybersecurity experts recommend several measures to protect digital assets. These include installing applications only from reliable sources, being cautious about granting permissions to applications, avoiding suspicious links or documents, and employing a comprehensive security solution capable of defending against a wide range of financial cyber threats.
For businesses, particularly those within the financial sector, additional recommendations include providing cybersecurity awareness training focused on phishing detection, improving staff’s digital literacy, and implementing a Default Deny policy for critical user profiles to ensure that only legitimate web resources are accessible.
The advent of Coyote underscores the evolving sophistication of the cyber threat landscape and serves as a reminder of the importance of vigilance and the adoption of advanced security measures to safeguard important information against such threats.
For more detailed information, you can read the full articles on Kaspersky’s website and The Hacker News.