Date: 2025-07-23
Malware, Threat Intelligence
Updated Coyote trojan exploits Microsoft UI Automation
Hackread reports that dozens of financial entities and cryptocurrency exchanges have been targeted with attacks involving a new iteration of the Coyote banking trojan, which has gained the novel ability to exploit Microsoft's UI Automation framework to facilitate banking credential compromise.
Beyond carrying a hardcoded list of 75 organizations that enables tailored credential stuffing attempts, the updated Coyote trojan also uses UIA to scan and extract data from other apps, which could be used to exfiltrate login data, according to a report from Akamai. The malware also checks information about the targeted system locally, including computer names, usernames, and browser details, and sends it to its command-and-control infrastructure. Akamai advises organizations to track 'UIAutomationCore.dll' loading into unexpected processes, and has provided a set of 'osquery' commands that could be leveraged to identify processes interfering with named pipes connected to UIA.