FlagThis

The Coyote Banking Trojan is actively targeting financial institutions and online banking users in Brazil, stealing data from over 70 financial applications and websites. Cybersecurity researchers at FortiGuard Labs have uncovered this stealthy and highly sophisticated banking trojan which leverages malicious LNK files and PowerShell scripts to infiltrate Windows systems, deploy payloads, and steal sensitive banking credentials. The attack begins with a weaponized LNK file that executes a hidden PowerShell command, connecting to a remote server and downloading additional malicious scripts, initiating the next stage of the attack.

The Trojan can keylog user activity, capture screenshots, display phishing overlays, and even manipulate browser windows to steal financial data. It collects system information such as the machine ID, MAC address, Windows version, and installed security software, sending these details to remote command-and-control servers. The final payload includes the main Coyote Banking Trojan, which expands its target list to over 1,000 websites and 73 financial agents. Accessing any of the targeted sites could trigger further malicious activity, enhancing the threat to financial cybersecurity.

ImgSrc: securityonline.info

References:

• GBHackers Security | #1 Globally Trusted Cyber Security News Platform - Coyote Malware Launches Stealthy Attack on Windows Systems via LNK Files - 16d
• Security Affairs - Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites - 16d
• Malware Archives ? Cybersecurity News - Coyote Banking Trojan: A Multi-Stage Financial Cyber Threat Targeting Brazil - 16d
• securityonline.info - Coyote Banking Trojan: A Multi-Stage Financial Cyber Threat Targeting Brazil - 16d

Classification:

• HashTags: bankingtrojan brazil malware
• Company: Fortinet
• Target: Brazilian Financial Users
• Feature: Data Theft
• Type: Malware
• Severity: High