
Updated Coyote trojan exploits Microsoft UI Automation


Hackread reports that dozens of financial entities and cryptocurrency exchanges have been targeted with attacks involving a new iteration of the Coyote banking trojan, which has gained the novel ability to exploit Microsoft's UI Automation framework to facilitate banking credential compromise.

In addition to carrying a hardcoded list of 75 organizations that enables tailored credential stuffing attempts, the updated Coyote trojan uses UIA to scan and extract data from other apps, which could be used for login data exfiltration, a report from Akamai revealed. The malware also checks information about the targeted system locally, including computer names, usernames, and browser details, and sends it to its command-and-control infrastructure. Akamai said the threat should prompt organizations to track 'UIAutomationCore.dll' loading into unexpected processes, and it has provided a set of 'osquery' commands that could be leveraged to identify processes interfering with named pipes connected to UIA.
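
One way to act on the DLL-load recommendation, shown as an added example that comes from neither this article nor Akamai's report: the Python sketch below flags 'UIAutomationCore.dll' loads by processes outside a known baseline. The baseline paths, host names and event records are constructed assumptions; the field names follow Sysmon Event ID 7 (image load).

```python
from collections import Counter

TARGET_DLL = "uiautomationcore.dll"

# Hypothetical baseline: full paths of processes already known to load the DLL
# in this environment. Build the real list from your own telemetry.
EXPECTED_LOADERS = {
    r"c:\windows\explorer.exe",
    r"c:\windows\system32\narrator.exe",
}

# Constructed sample records using Sysmon Event ID 7 (image load) field names.
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "Image": r"C:\Windows\System32\Narrator.exe",
     "ImageLoaded": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"Computer": "WS-01", "Image": r"C:\Users\Public\updater.exe",
     "ImageLoaded": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"Computer": "WS-01", "Image": r"C:\Users\Public\updater.exe",
     "ImageLoaded": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"Computer": "WS-02", "Image": r"C:\Users\alice\AppData\Roaming\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"Computer": "WS-02", "Image": r"C:\WINDOWS\Explorer.EXE",
     "ImageLoaded": r"c:\windows\system32\UIAUTOMATIONCORE.DLL"},
    {"Computer": "WS-02", "Image": r"C:\Users\Public\updater.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]


def unexpected_uia_loads(events, expected=EXPECTED_LOADERS):
    """Count UIAutomationCore.dll loads per (host, process path) outside the baseline."""
    hits = Counter()
    for ev in events:
        # Windows paths are case-insensitive, so compare lowercased values.
        loaded = ev.get("ImageLoaded", "").lower()
        if loaded.rsplit("\\", 1)[-1] != TARGET_DLL:
            continue  # some other module
        image = ev.get("Image", "").lower()
        # Match the full path, not just the file name, so a look-alike
        # "explorer.exe" outside its usual directory is still reported.
        if image in expected:
            continue
        hits[(ev.get("Computer", "unknown"), image)] += 1
    return hits


if __name__ == "__main__":
    for (host, image), n in sorted(unexpected_uia_loads(SAMPLE_EVENTS).items()):
        print(f"{host}  {image}  loads={n}")
```

A hit here is a lead for triage rather than a verdict, since a process missing from the baseline may simply not have been recorded yet.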
