Beware! Coyote Malware Hiding in Financial Apps
By: Jim Stickley and Tina Davis
May 14, 2024
There's a new banking Trojan on the rise with some fresh tricks up its sleeve. It's called Coyote and so far, 61 banking apps have fallen prey to this malware. How quickly this banking malware starts to spread globally remains to be seen, but you can bet this cagey Coyote will be very wily.
A New Breed of Banking Trojan
Coyote separates itself from "the usual" banking malware in a few new ways. You could say it's a modern, updated Trojan that's more difficult to detect and prevent. Coyote's purpose is stealing banking information and other PII using fake overlays and phony update screens. It also executes commands, takes screenshots, copies keystrokes, moves the cursor, and freezes the device. All of these tricks are done in a way that may evade today's malware detection technology.
Thanks to using a few new tools, Coyote is more dangerous and successful than previous banking Trojans. It uses Nim, a newer programming language not used before by banking Trojans. It utilizes new tools to update malware with new features and enjoys a low rate of detection by today’s security software. Coyote also uses Squirrel, an open-source tool to hide itself as a legitimate updater. There are also links seen between Coyote and banking Trojans like Tricot, QuakBot, and Ursinif.
Coyote on the Hunt
To date, Coyote's hunting ground has been limited to Brazil, a country that's become the world's home for banking malware development. That's important because when banking malware like Coyote is successful in Brazil, the next steps are expanding worldwide. It may just be a matter of time before the U.S. and other countries see Coyote emerge as a threat to consumers, banks, and corporations.
It's crucial for banks and businesses to be aware of Coyote and plan ahead for ways to combat it. That's why cybersecurity pros are ringing the Coyote alarm bell for this new breed of banking malware. For sure, Coyote is on the hunt to expand to the rest of the world, so beware!