Malware, Threat Intelligence

Updated Coyote malware facilitates more extensive compromise

Windows systems across Brazil have been subjected to an updated iteration of the Coyote banking trojan, which has been strengthened to target 1,030 websites and 73 financial institutions, The Hacker News reports.

According to a Fortinet FortiGuard Labs study, attacks with the new Coyote trojan variant over the past month involved the deployment of an LNK file that executes a PowerShell command. That command facilitates retrieval of a next-stage PowerShell script, which eventually launches the trojan. The trojan not only obtained system details and an antivirus product list but also sought to bypass sandbox discovery. Moreover, accessing any of the sites targeted by Coyote could trigger further malicious activity, including screenshot capturing.

"Coyote's infection process is complex and multi-staged. This attack leveraged an LNK file for initial access, which subsequently led to the discovery of other malicious files. This Trojan poses a significant threat to financial cybersecurity, particularly because it has the potential to expand beyond its initial targets," said researcher Cara Lin.
