Coyote Banking Trojan: When Accessibility Becomes a Liability in Windows Security
Coyote, the banking trojan, has evolved to abuse the Microsoft UI Automation framework, bypassing detection to steal credentials from banking and cryptocurrency sites. While initially targeting Brazilian users with keylogging and phishing, it now exploits Windows accessibility features to identify and extract data from web-based services, marking a significant leap in its malicious capabilities.

Hot Take:
In the ever-evolving game of cat and mouse between cybercriminals and security experts, the Coyote banking trojan has upped its game by turning a helpful Windows accessibility feature into a tool for evil. Who knew assistive technologies could be so… assisting? It’s like using a magnifying glass to rob a bank instead of reading the fine print!
Key Points:
– A new Coyote trojan variant is exploiting Windows UI Automation to target 75 banking and cryptocurrency platforms.
– Originally flagged as a potential threat by Akamai in December 2024, the technique evades typical endpoint detection measures.
– The trojan primarily targets Brazilian users, using both traditional and innovative methods to steal credentials.
– Microsoft has been contacted about addressing these vulnerabilities but has not yet responded.
– Similar abuse of accessibility features has been seen in Android, with Google implementing multiple countermeasures over time.
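
One way to hunt for the UI Automation abuse described above, as an added example that is not from the article or from Akamai: the script scans Sysmon image-load events (Event ID 7) for processes that load UIAutomationCore.dll, the library that implements UI Automation, and reports any that fall outside a baseline. The baseline, the user-writable path markers and the sample events are constructed assumptions.

```python
import ntpath

UIA_DLL = "uiautomationcore.dll"
# Hypothetical baseline of processes expected to use UI Automation here;
# build the real list from your own fleet telemetry.
BASELINE = {"narrator.exe", "magnify.exe"}
# Assumed markers of user-writable locations where staged binaries often run.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# Constructed Sysmon Event ID 7 (ImageLoad) records, reduced to the fields used.
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessId": 4120, "Image": r"C:\Windows\System32\Narrator.exe",
     "ImageLoaded": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"EventID": 7, "ProcessId": 7332, "Image": r"C:\Users\maria\AppData\Local\Temp\updater.exe",
     "ImageLoaded": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"EventID": 7, "ProcessId": 5016, "Image": r"C:\Program Files\ExampleApp\report.exe",
     "ImageLoaded": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"EventID": 7, "ProcessId": 6604, "Image": r"C:\Users\Public\narrator.exe",
     "ImageLoaded": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"EventID": 7, "ProcessId": 7332, "Image": r"C:\Users\maria\AppData\Local\Temp\updater.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 1, "ProcessId": 7332, "Image": r"C:\Users\maria\AppData\Local\Temp\updater.exe"},
]


def find_unexpected_uia_loads(events, baseline=BASELINE):
    """Return one finding per process that loads UI Automation outside the baseline."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 7:
            continue  # only image-load events are relevant
        if ntpath.basename(ev.get("ImageLoaded", "")).lower() != UIA_DLL:
            continue
        image = ev.get("Image", "")
        name = ntpath.basename(image).lower()
        writable = any(marker in image.lower() for marker in USER_WRITABLE)
        # A baseline name only counts when it runs from a non-writable path,
        # so a copy named narrator.exe under C:\Users\Public is still reported.
        if name in baseline and not writable:
            continue
        findings.append({"pid": ev.get("ProcessId"), "image": image,
                         "priority": "high" if writable else "review"})
    return findings


if __name__ == "__main__":
    for finding in find_unexpected_uia_loads(SAMPLE_EVENTS):
        print(finding["priority"], finding["pid"], finding["image"])
```

A "review" finding is not a verdict: legitimate automation and testing tools also load this library, so each hit is triaged against what that process is expected to do.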