Woburn, MA – February 8, 2024 — A new sophisticated banking Trojan that steals sensitive financial information and introduces advanced tactics to avoid detection has been discovered by Kaspersky's Global Research and Analysis Team (GReAT). Dubbed 'Coyote,' this malware relies on the Squirrel installer for distribution, its name drawing inspiration from coyotes, the natural predators of squirrels.
Coyote is a sophisticated new banking Trojan that employs advanced evasion tactics to pilfer sensitive financial information. Primarily targeting users affiliated with more than 60 banking institutions in Brazil, Coyote utilizes the Squirrel installer for its distribution, a method rarely linked to malware delivery. Kaspersky's researchers have investigated and identified the entire infection process of Coyote.
Instead of taking the usual path with well-known installers, Coyote uses Squirrel, a relatively new tool for installing and updating Windows desktop applications. By doing so, Coyote hides its initial stage loader by pretending it's just an update packager.
What makes Coyote even more challenging is its use of Nim, a modern, cross-platform programming language, as the loader for the final stage of the infection process. This aligns with a trend observed by Kaspersky, in which cybercriminals use less popular and cross-platform languages, demonstrating their adaptability to the latest technology trends.
Once banking apps are active, Coyote talks to its command-and-control server using SSL channels with mutual authentication. The Trojan's use of encrypted communication and its ability to carry out specific actions like keylogging and taking screenshots highlight its advanced nature. It can even ask for specific bankcard passwords and set up a fake page to acquire user credentials.
Kaspersky's telemetry data shows that around 90 percent of Coyote’s infections come from Brazil, making a big impact on the region's financial cybersecurity.
“In the last three years, the number of banking Trojan attacks almost doubled, hitting over 18 million in 2023,” said Fabio Assolini, head of the Latin American Global Research and Analysis Team (GReAT) at Kaspersky. “As we deal with the growing number of cyber threats, it's important for people and businesses to protect their digital assets. The rise of Coyote, a new kind of Brazilian banking Trojan, reminds us to be careful and use the latest defenses to keep our important information safe.”
To read the full report on the Coyote banking Trojan, please visit Securelist.
For protection against financial threats, Kaspersky recommends:
To protect your business from financial malware, Kaspersky security experts recommend:
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.