Coyote Banking Trojan: How UI Automation Became the Unlikely Sidekick in Credential Heists
Coyote’s banking trojan is breaking bad and has become the first reported malware to exploit Microsoft’s UI Automation for credential theft. Targeting Brazilians, it’s already pilfered credentials from users at 75 banks and crypto exchanges. Because why let a good accessibility feature go to waste when you could steal money instead?
Hot Take:
Who knew that the Coyote had a tech-savvy side? Move over, Wile E. Coyote — there’s a new brainiac in town, and it’s not chasing roadrunners, but your bank details! Apparently, even the most well-intentioned Microsoft accessibility features can be twisted into a digital smash-and-grab. It’s a good time to double-check your passwords, folks. Coyote is on the prowl, and it’s not going to stop at Acme products!
Key Points:
- Coyote banking trojan uses Microsoft’s UI Automation for credential theft, targeting Brazilians.
- UIA is designed for accessibility, but has become a tool for cybercriminals to nab credentials.
- The malware identifies potential targets by comparing active window titles with target bank URLs.
- First malware variant to exploit the UI Automation framework for malicious purposes.
- Coyote also utilizes the Squirrel tool to disguise itself as a legitimate Windows app update.
Already a member? Log in here