Coyote

Malware updated 23 days ago (2024-11-29T13:58:15.965Z)
Download STIX
Preview STIX
Coyote is a sophisticated, multi-stage banking Trojan that has expanded its operations to target more than 1700 banks in 45 countries across all continents. Other notable malware families include Banbra, BestaFera, Bizarro, ChePro, Casbaneiro, Ponteiro, and Grandoreiro. Despite the arrest of several gang members involved with these operations, their malicious activities have not ceased. The Coyote Trojan uses an advanced design that incorporates Nim as a loader, hiding its initial stage loader by presenting it as an update packager. This deceptive tactic involves blocking the user interface with a misleading "Working on updates…" message while secretly executing harmful actions in the background. The Coyote Trojan recently compromised 61 Brazilian banking systems, illustrating the evolving tactics cybercriminals are employing. It operates by surveilling all open applications on the victim's system, waiting for access to specific banking applications or websites. Once activated, Coyote can execute commands such as capturing screenshots, logging keystrokes, terminating processes, displaying fake overlays, moving the mouse cursor strategically, and even initiating machine shutdowns. This ability to carry out a range of actions underscores its threat to online banking security and system integrity. In response to the Coyote threat, Brazilian law enforcement authorities took action by dismantling the Grandoreiro operation. However, the persistence of Trojan infections remains a significant concern for individuals and organizations alike, highlighting the need for robust cybersecurity measures. Coyote's emergence aligns with the dismantling of the Grandoreiro operation in Brazil, indicating a possible shift in the landscape of cyber threats. The use of Nim-based loaders to facilitate the execution of the Coyote payload through DLL side-loading further emphasizes the advanced and evolving nature of this malware.
Description last updated: 2024-11-15T16:01:47.417Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Loader
Trojan
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Grandoreiro Malware is associated with Coyote. Grandoreiro is a malicious software, or malware, specifically a banking Trojan that targets banks worldwide. Initially originating from a Brazilian banking group, Grandoreiro has expanded its reach to other countries, becoming a significant threat in the cyber landscape. It operates by infiltrating Unspecified
2
Source Document References
Information about the Coyote Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more