A fresh wave of cyber threats has been identified, as malicious software targets sensitive banking information by exploiting Microsoft technology. Akamai Technologies has reported a variant of the Coyote malware family, which utilizes Microsoft’s UI Automation (UIA) framework in its operations. This development is raising significant alarm among security specialists regarding possible threats to banking and cryptocurrency users.
How Does the New Malware Operate?
The new Coyote malware variant distinguishes itself by employing Microsoft’s UIA framework for data extraction tasks, setting it apart from other malware types. According to Tomer Peled, a security researcher from Akamai, this makes Coyote a formidable threat to the banking industry.
Coyote now incorporates UIA as part of its operation. Similar to other malware, Coyote searches for banking information. However, its use of UIA differentiates it from others.
What Are the Known Targets?
This malware specifically targets users in Brazil, strategically focusing on obtaining user information linked to 75 different financial institutions and cryptocurrency platforms. Even when the user is offline, Coyote can execute control operations, heightening the risk of detecting and compromising bank or cryptocurrency account details. Peled further clarifies the capacity of Coyote to identify and steal login credentials.
Discovered in February 2024, the Coyote malware family initially targeted Latin American institutions, aiming to illicitly acquire both banking and cryptocurrency information. Squirrel, a loader, serves as a vital tool for spreading this malware, helping cybercriminals infiltrate systems. In Brazilian campaigns, Coyote has been instrumental in deploying remote access malware.
Notably, cybersecurity professionals emphasize that Coyote’s use of the UIA framework efficiently breaks down target application components, automating the information collection process. This innovative technique is likely to be emulated by other malware families.
Key takeaways based on the findings include:
- Coyote uses Microsoft’s UIA framework, marking a new trend in malware design.
- It targets 75 banking and cryptocurrency platforms in Brazil.
- Risk mitigation requires updated systems and employee awareness.
The emergence of these cyber threats emphasizes the need for a reassessment of cybersecurity defenses, especially in the financial and cryptocurrency sectors. To protect against such threats, users should download software only from trusted sources and be wary of unfamiliar attachments. Organizations are advised to implement timely system updates and educate their staff about malware threats to reduce potential risks.
