CyberSecurity updates
2025-02-22 09:28:25 Pacific

Trojanized Game Installers Deploy Cryptocurrency Miner Globally - 1d

A global attack campaign, dubbed StaryDobry, uses trojanized game installers to deploy the XMRig cryptocurrency miner. Attackers upload trojanized installers for popular games such as BeamNG.drive, Garry’s Mod, and Dyson Sphere Program to torrent sites. Downloading these triggers an installer screen, and the dropper is extracted and executed. The campaign primarily targets individual users in Russia, Brazil, Germany, Belarus, and Kazakhstan.

Coyote Malware Expands Reach Targeting Windows Systems - 17d

Fortinet’s FortiGuard Labs has issued a high-severity alert regarding the Coyote Banking Trojan, a sophisticated malware targeting Microsoft Windows users. This trojan is distributed through malicious LNK files that execute PowerShell commands, initiating a multi-stage attack. The primary objective is to harvest sensitive information, including system details and antivirus product lists, and to bypass sandbox discovery. The updated Coyote malware now targets 1,030 sites and 73 financial institutions.

The attacks involving the new Coyote trojan variant include the deployment of an LNK file executing a PowerShell command, which facilitates the retrieval of a next-stage PowerShell script for launching the trojan. The malware is designed to gather system information and avoid detection by security measures, highlighting the need for robust endpoint protection and vigilant monitoring of system activities.

Coyote Trojan Targets Brazilian Financial Application Users - 17d

The Coyote Banking Trojan is targeting Brazilian users, stealing data from over 70 financial applications and websites. Cybersecurity researchers at FortiGuard Labs have uncovered a stealthy and highly sophisticated banking trojan dubbed Coyote, which is delivered via malicious LNK files that execute PowerShell commands to inject shellcode. The malware can harvest sensitive information from numerous financial applications and websites, posing a significant threat to financial security in Brazil. The Trojan employs techniques to bypass sandbox discovery, enhancing its stealth and effectiveness.