FlagThis

Fortinet's FortiGuard Labs has issued a high-severity alert regarding the Coyote Banking Trojan. This sophisticated malware, targeting Microsoft Windows users, has expanded its reach to include 1,030 websites and 73 financial institutions. The malware is distributed through malicious LNK files that execute PowerShell commands, initiating a multi-stage attack. The primary goal is to harvest sensitive data, including system details and lists of installed antivirus products.

The attack sequence begins with a LNK file executing a PowerShell command to retrieve a next-stage PowerShell script, launching the trojan. Once deployed, the trojan gathers system information and evades detection by security measures. Should a victim attempt to access a targeted site, the malware communicates with a command-and-control server, enabling actions like capturing screenshots or displaying phishing overlays to steal sensitive credentials, impacting financial cybersecurity.

ImgSrc: securityonline.

References :

• gbhackers.com: FortiGuard Labs has issued a high-severity alert regarding the Coyote Banking Trojan, a sophisticated malware targeting Microsoft Windows users.
• www.scworld.com: Updated Coyote malware facilitates more extensive compromise
• gbhackers.com: Coyote Malware Launches Stealthy Attack on Windows Systems via LNK Files
• The Hacker News: Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions
• securityonline.info: SecurityOnline article about the multi-stage Coyote banking trojan targeting Brazil.
• securityaffairs.com: Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites
• securityonline.info: Coyote Banking Trojan: A Multi-Stage Financial Cyber Threat Targeting Brazil

Classification:

• HashTags: #malware #trojan #cybersecurity
• Company: Fortinet
• Target: Windows Users, Financial Institutions
• Product: Coyote Banking Trojan
• Feature: Banking Trojan
• Malware: Coyote
• Type: Malware
• Severity: Major