Coyote is a Windows banking trojan that targets Brazilian users by exploiting the Windows UI Automation framework to collect sensitive information. It specifically aims at extracting credentials from 75 banking institutions and cryptocurrency exchanges. This variant is equipped with features such as keystroke logging, screenshot capturing, and login page overlays. Its operation mirrors known Android banking trojans that misuse accessibility services. Coyote employs API calls to identify active windows and their titles, further analyzing UI elements for valuable data extraction.
"The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes' web addresses and cryptocurrency exchanges."
"If no match is found Coyote will then use UIA to parse through the UI child elements of the window in an attempt to identify browser tabs or address bars."
Collection
[
|
...
]