Coyote: new malware steals bank access data and accounts for 90% of cases in Brazil

According to a report published by the cybersecurity company Kaspersky, a new malware focused on stealing banking access data is active. Nicknamed Coyotethe new threat uses sophisticated methods to circumvent security schemes and claimed most of its victims on Brazilian soil.

Despite the sophistication of the tool, the Coyote uses a widely known form of infection: trojan – the Trojan horse. The malware accompanies a “normal” application and can infiltrate during the application update process.

When activated innocently by the user, this updater camouflages a malicious package within the target system among legitimate libraries.

From then on, the Coyote begins monitoring the victim’s activities waiting for the exact moment to attack. Through SSL channels, it then communicates with the criminals’ server using encrypted messages, sharing data collected from banking websites – including screenshots.

The sophistication of the new threat is due to the form of infection. Instead of using MSI installers, as is normally the case with malware, Coyote opts for a relatively new way of installing and updating applications on Windows: Squirrel (“squirrel”).

This is where the nickname comes from, as Coyotes tend to be predators of squirrels in the wild.

With this, the threat manages to go under the radar of outdated systems, and starts looking for details of logins, passwords and access keys of the banking institutions used by the user.

No brazil

O Coyote specifically targets users from more than 60 banking institutions, the majority of which are from Brazil. Also according to data collected by Kasperksy, 90% of new malware infections occurred on Brazilian soil and the company’s products detected the threat as “TIME:Trojan-Banker.MSIL.Coyote.gen”.

So far there is no further information regarding who developed the tool or how many people have already been victims.