CyberSecurity news

FlagThis - #trojan

@securityonline.info //
Fortinet's FortiGuard Labs has issued a high-severity alert regarding the Coyote Banking Trojan. This sophisticated malware, targeting Microsoft Windows users, has expanded its reach to include 1,030 websites and 73 financial institutions. The malware is distributed through malicious LNK files that execute PowerShell commands, initiating a multi-stage attack. The primary goal is to harvest sensitive data, including system details and lists of installed antivirus products.

The attack sequence begins with a LNK file executing a PowerShell command that retrieves a next-stage PowerShell script, which launches the trojan. Once deployed, the trojan gathers system information and attempts to evade security software. When a victim visits a targeted site, the malware contacts its command-and-control server, which can instruct it to capture screenshots or display phishing overlays that steal credentials, putting the victim's financial accounts at risk.



References:
  • gbhackers.com: FortiGuard Labs has issued a high-severity alert regarding the Coyote Banking Trojan, a sophisticated malware targeting Microsoft Windows users.
  • www.scworld.com: Updated Coyote malware facilitates more extensive compromise
  • gbhackers.com: Coyote Malware Launches Stealthy Attack on Windows Systems via LNK Files
  • The Hacker News: Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions
  • securityonline.info: SecurityOnline article about the multi-stage Coyote banking trojan targeting Brazil.
  • securityaffairs.com: Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites
  • securityonline.info: Coyote Banking Trojan: A Multi-Stage Financial Cyber Threat Targeting Brazil
@securityonline.info //
A global attack campaign named StaryDobry has been discovered, utilizing trojanized game installers to deploy the XMRig cryptocurrency miner on compromised Windows systems. Attackers uploaded poisoned installers for popular games such as BeamNG.drive, Garry's Mod, and Dyson Sphere Program to torrent sites, luring users into downloading them. Once executed, these installers initiate a complex infection chain, ultimately leading to the installation of the XMRig miner. The campaign, detected by Kaspersky on December 31, 2024, lasted for a month and has primarily targeted individual users and businesses.

Researchers have identified that the attack chain employs several evasion techniques, including anti-debugging checks and geolocation verification. The malware gathers a fingerprint of the machine, decrypts an executable, and modifies Windows Shell Extension Thumbnail Handler functionality. The campaign focused on gaming PCs with 8+ core CPUs to maximize mining efficiency. While the perpetrators remain unknown, the presence of Russian language strings suggests the involvement of Russian-speaking actors. The most affected countries included Russia, Brazil, Germany, Belarus, and Kazakhstan.



References:
  • securityonline.info: Cracked Games, Cryptojacked PCs: The StaryDobry Campaign
  • The Hacker News: Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
  • www.scworld.com: Global XMRig attack campaign involves trojanized game installers
  • Talkback Resources: Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack [net] [sys] [mal]
  • Talkback Resources: Cracked Games, Cryptojacked PCs: The StaryDobry Campaign [net] [mal]
  • Talkback Resources: StaryDobry campaign targets gamers with XMRig miner [mal]
  • gbhackers.com: A sophisticated malware campaign was launched by cybercriminals, targeting users through trojanized versions of popular games.
  • BleepingComputer: A large-scale malware campaign dubbed StaryDobry has been targeting gamers worldwide with trojanized versions of cracked games such as Garry's Mod, BeamNG.drive, and Dyson Sphere Program.
  • securityonline.info: Cybercriminals launched a mass infection campaign, dubbed StaryDobry, leveraging the holiday season’s increased torrent traffic The
@securityonline.info //
The Coyote Banking Trojan is actively targeting financial institutions and online banking users in Brazil, stealing data from over 70 financial applications and websites. Cybersecurity researchers at FortiGuard Labs have uncovered this stealthy and highly sophisticated banking trojan which leverages malicious LNK files and PowerShell scripts to infiltrate Windows systems, deploy payloads, and steal sensitive banking credentials. The attack begins with a weaponized LNK file that executes a hidden PowerShell command, connecting to a remote server and downloading additional malicious scripts, initiating the next stage of the attack.

The Trojan can keylog user activity, capture screenshots, display phishing overlays, and even manipulate browser windows to steal financial data. It collects system information such as the machine ID, MAC address, Windows version, and installed security software, and sends these details to remote command-and-control servers. The final payload is the main Coyote Banking Trojan, whose target list has grown to over 1,000 websites and 73 financial agents. Accessing any of the targeted sites can trigger further malicious activity, increasing the risk to the victim's financial accounts.



References:
  • gbhackers.com: Coyote Malware Launches Stealthy Attack on Windows Systems via LNK Files
  • securityaffairs.com: Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites
  • securityonline.info: Coyote Banking Trojan: A Multi-Stage Financial Cyber Threat Targeting Brazil