FlagThis

Fortinet’s FortiGuard Labs has issued a high-severity alert regarding the Coyote Banking Trojan, a sophisticated malware targeting Microsoft Windows users. This trojan is distributed through malicious LNK files that execute PowerShell commands, initiating a multi-stage attack. The primary objective is to harvest sensitive information, including system details and antivirus product lists, and to bypass sandbox discovery. The updated Coyote malware now targets 1,030 sites and 73 financial institutions.

The attacks involving the new Coyote trojan variant include the deployment of an LNK file executing a PowerShell command, which facilitates the retrieval of a next-stage PowerShell script for launching the trojan. The malware is designed to gather system information and avoid detection by security measures, highlighting the need for robust endpoint protection and vigilant monitoring of system activities.