
A New Threat in Brazil’s Financial Malware Landscape


In the ever-evolving world of cybercrime, a new threat has emerged from the heart of Brazil. Kaspersky researchers have unveiled a sophisticated banking Trojan named ‘Coyote,’ which has set its sights on 61 online banking applications, primarily in Brazil. This discovery underscores the country’s thriving financial malware scene that has been active since the turn of the century.

The Elusive Coyote: A Blend of Simplicity and Complexity

Coyote combines rudimentary and advanced components. It uses the Squirrel installer, Node.js, and the relatively new programming language Nim to execute a suite of malicious functionalities. This unusual combination enables Coyote to remain stealthy and evade detection by security software.

The Trojan’s capabilities are extensive. It can take screenshots, log keystrokes, kill processes, shut down systems, move cursors, and even display phishing overlays to capture user credentials. Unlike other Trojans that use Windows Installers and are easily flagged, Coyote uses Squirrel to disguise its initial loader. Moreover, its use of Nim, a programming language that is not commonly used in malware development, further complicates detection efforts.

The Brazilian Connection: A Hotbed of Financial Cybercrime

Brazil has a storied history of creating banking Trojans that eventually become global threats. Previous Trojans like Grandoreiro have spread to over 40 countries. However, increased international law enforcement scrutiny has resulted in arrests and actions against these cybercriminals.

The emergence of Coyote signifies a new chapter in this ongoing saga. According to Kaspersky’s telemetry data, around 90% of Coyote’s infections originate from Brazil, with detections also reported in other Latin American countries. The Trojan is distributed via email and simulates a Windows update package, making it difficult for users to discern its malicious intent.

Once installed, Coyote achieves persistence by abusing Windows logon scripts. It monitors all open applications on the victim’s system, contacting the command and control server when banking applications are accessed. The Trojan establishes communication with its command and control server using SSL channels with a mutual authentication scheme.
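One way a defender could hunt for the logon-script persistence described above, shown as an added example that is not from Kaspersky or the original article. It assumes the mechanism is the per-user `UserInitMprLogonScript` registry value (the article only says "Windows logon scripts") and that registry writes are logged in the shape of Sysmon Event ID 13; the events, paths and the function name `find_logon_script_writes` are constructed for illustration.

```python
import re

# Constructed sample records shaped like Sysmon Event ID 13 (registry value set).
# All paths, SIDs and application names below are made up for this example.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\ana\AppData\Local\ExampleApp\Update.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Environment\UserInitMprLogonScript",
     "Details": r"C:\Users\ana\AppData\Local\ExampleApp\app-1.0.0\ExampleApp.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1002\Environment\UserInitMprLogonScript",
     "Details": r"\\fileserver\netlogon\map-drives.cmd"},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Environment\TEMP",
     "Details": r"%USERPROFILE%\AppData\Local\Temp"},
]

# Assumption: persistence uses the per-user logon script value under Environment.
LOGON_SCRIPT_KEY = re.compile(
    r"^HKU\\(S-1-5-21-[\d-]+)\\Environment\\UserInitMprLogonScript$", re.IGNORECASE)
# Directories a standard user can write to; a logon script living here deserves
# a closer look than one on a managed share.
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|Downloads|ProgramData|Users\\Public)\\", re.IGNORECASE)


def find_logon_script_writes(events):
    """Return one finding per registry write that sets a user's logon script."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        match = LOGON_SCRIPT_KEY.match(ev.get("TargetObject", ""))
        if not match:
            continue
        script = ev.get("Details", "")
        findings.append({
            "sid": match.group(1),
            "writer": ev.get("Image", ""),
            "script": script,
            "severity": "high" if USER_WRITABLE.search(script) else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in find_logon_script_writes(SAMPLE_EVENTS):
        print(finding)
```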

The Coyote’s Bite: The Impact and the Fightback

Coyote’s impact on Brazil’s financial cybersecurity is significant. In 2023 alone, Kaspersky recorded more than 18 million banking Trojan attacks. The rise of Coyote serves as a stark reminder for people and businesses to employ the latest defenses to protect their digital assets.

The adoption of recent languages like Nim presents a new challenge for the defenses of banking apps, which are the current national preference for financial transactions. As the lines between technology and humanity continue to blur, the battle against cyber threats like Coyote becomes increasingly complex.

The discovery of Coyote underscores the ongoing challenges for security teams and the importance of international collaboration to combat financial cybercrime. In this high-stakes game of cat and mouse, staying one step ahead of the coyote is crucial in safeguarding our digital world.

As the sun sets on another day in the world of cybersecurity, the shadows of threats like Coyote loom large. But in the face of these challenges, the resolve to protect and defend remains steadfast. The fight against financial cybercrime continues, with each new discovery serving as a beacon of hope in an increasingly interconnected world.


