Coyote Trojan Targets Brazilian Banks

, Coyote Trojan

In Brazil, a new cybersecurity threat, the Coyote Trojan, has emerged as a formidable adversary, targeting a staggering 61 banking institutions. This sophisticated malware showcases a stark departure from traditional malware, exploiting the less common but nimble programming language of Nim, as highlighted by Kaspersky’s recent analysis. Unlike its predecessors, which relied on Delphi for offensive operations, Coyote represents a forward leap in cybercriminal innovation.

The infection chain is elaborate. It begins with a Squirrel installer, not just any tool, but an open-source framework designed for Windows app maintenance. Once executed, the squirrelly code launches a Node.js application. This application, compiled with Electron, gives life to a Nim-based loader. The subsequent action is underhand yet technically adroit: DLL side-loading injects the Coyote payload, as explained in MITRE’s ATT&CK; framework.

Equipped with wide-ranging capabilities that Kaspersky reports, Coyote lies in wait, monitoring systems until the perfect opportunity arises to strike banking applications or websites. When the trigger is met, it communicates with a remote server, awaiting instruction to log keystrokes, capture screenshots, impersonate user overlays, and more, not shying away even from shutting down a compromised machine.

FortiGuard Labs brings additional insights into the Trojan’s modus operandi, exposing its disguised attack vectors. Initially, an Excel document containing a VBA script activates the onslaught. It then proceeds through a series of downloadable files, including a peculiarly named “Windows Update.bat.” FortiGuard’s vigilant antivirus solutions detect and block this malicious sequence, offering a critical line of defense.

In an encouraging response, Brazilian law enforcement has not sat idly by. They have actively dismantled related operations like Grandoreiro, taking legal action against the dark architects behind such malware. These enforcement efforts are pivotal in the continuous battle against cyber threats.

In parallel, FortiGuard Labs uncovered another malicious toolset emanating from Vietnamese origins, targeting users with a new Python-based information stealer. MrTonyScam, known for his dark crafts, designs its vile steeds to ravage browser data, not sparing local favorites such as the Cốc Cốc browser. Here, the robust defenses laid out by FortiGuard’s CDR service and cybersecurity training show their worth, thwarting attackers’ attempts to exploit the troves of sensitive information.

For those caught in the crosshairs of Coyote or other advanced cyber threats, Fortinet’s Global FortiGuard Incident Response Team stands ready to assist. In the ceaseless conflict of bytes and breaches, the synergy of technological prowess, vigilant defense, and proactive law enforcement emerges as the beacon of resilience against the ever-evolving landscape of cyber threats.

If you enjoyed this article, please check out our other articles on CyberNow

February 9, 2024
The Coyote Trojan emerges in Brazil, targeting numerous banks and showcasing cybercriminals' innovative use of the Nim programming language.