'Coyote' is a dangerous Windows malware that abuses the UI Automation Framework to steal banking and crypto data. It infiltrates systems through key-logging, phishing, and other techniques. It is currently targeting Brazil, and India is also at risk. Stay alert and adopt security measures.
Coyote: If you use online banking or crypto wallets, be alert now! A new and extremely dangerous malware called 'Coyote' has emerged, which steals your private banking details and information related to crypto exchanges by using a built-in Windows feature.
What is 'Coyote' malware?
'Coyote' is a new Windows-based malware that was recently tracked by cybersecurity firm Akamai. This malware specifically uses the Windows UI Automation Framework – a feature originally designed to help people with disabilities. But now this feature is being misused, and through it, Coyote malware steals important information by monitoring the user's screen.
How does this malware work?
Coyote cleverly infiltrates your device and steals the following information:
- User's username
- Computer name and system details
- Which banking services or wallets you are using
- Which websites have been opened, especially bank and crypto exchange sites
This information is sent directly by the malware to the C2 (Command and Control) server, from where cyber criminals can easily access it.
Which techniques does it use?
Coyote does not rely on just one technique. It uses several cyber attack methods, such as:
- Key Logging: This records every keystroke you type on your keyboard.
- Phishing Overlay: Creates fake websites that look like the real site so that you fill in your details yourself.
- Squirrel Installer: The malware hides itself and installs itself on the system via a fake installer when software is being installed.
- GetForegroundWindow API: This technique identifies the active window, which helps in determining whether the user is on a banking site or not.
Brazil is currently the target, but India is also on alert
According to Akamai's report, Coyote is currently targeting Brazil, but its strategy is similar to that of other dangerous malware – first test in one country, then spread all over the world. In India, a large number of people use online banking, UPI apps, and digital wallets. In such a situation, India can also be targeted by Coyote.
How to avoid malware like Coyote?
1. Keep System Updated
Keep your system and software updated from time to time. New updates often have security fixes that protect against such malware.
2. Use Strong Antivirus
Install reliable, up-to-date antivirus software. This will help in preventing suspicious activities.
3. Avoid Suspicious Emails
If you receive an email from an unknown person with an attachment or link, do not click on it. Malware like Coyote can also enter the device through phishing emails.
4. Turn on Two-Factor Authentication (2FA)
Turn on two-factor authentication in your banking and crypto accounts. This will prevent anyone from logging in with just a password.
5. Be Careful with Browser Extensions
Many times the extensions installed in the browser also track user activity. Only install extensions from trusted sources.
Why is this more dangerous?
The aspect that makes Coyote dangerous is that it does not come as a file that you can recognize. It can 'see' and 'hear' your screen and input in the background through the UI Automation framework, without any alert. Detecting it can be a challenge even for common antivirus software.
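For defenders, one way to get visibility into UI Automation use is to review which processes load the Windows UI Automation library (UIAutomationCore.dll). The following is an added example, not part of the original article or Akamai's report: it triages simplified Sysmon image-load (Event ID 7) records, and the sample events, the baseline list and the path heuristics are all constructed assumptions to adapt per environment.

```python
import ntpath

# Constructed sample: simplified Sysmon Event ID 7 (ImageLoad) records.
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Windows\System32\Narrator.exe",
     "ImageLoaded": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"EventID": 7, "Image": r"C:\Users\alice\AppData\Local\updater\app-1.0.0\updater.exe",
     "ImageLoaded": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"EventID": 7, "Image": r"C:\Program Files\ExampleVendor\tool.exe",
     "ImageLoaded": r"C:\Windows\System32\UIAutomationCore.dll"},
    {"EventID": 7, "Image": r"C:\Users\alice\AppData\Local\updater\app-1.0.0\updater.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

UIA_DLL = "uiautomationcore.dll"
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Assumption: per-environment baseline of processes expected to use UI Automation.
BASELINE = {"narrator.exe", "magnify.exe", "osk.exe"}
# Assumption: path fragments treated as user-writable install locations.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")

def in_system_dir(path):
    return ntpath.dirname(path).lower() in SYSTEM_DIRS

def reasons_for(event):
    """Return the reasons an image-load event deserves review (empty list if none)."""
    if event.get("EventID") != 7:
        return []
    if ntpath.basename(event["ImageLoaded"]).lower() != UIA_DLL:
        return []
    image, reasons = event["Image"], []
    if not (ntpath.basename(image).lower() in BASELINE and in_system_dir(image)):
        reasons.append("process outside UIA baseline")
        if any(part in image.lower() for part in USER_WRITABLE):
            reasons.append("process runs from user-writable path")
    if not in_system_dir(event["ImageLoaded"]):
        reasons.append("UIA DLL loaded from non-system directory")
    return reasons

def triage(events):
    """Map each flagged process image to its review reasons."""
    findings = {}
    for event in events:
        reasons = reasons_for(event)
        if reasons:
            findings[event["Image"]] = reasons
    return findings

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS).items():
        print(image, "->", "; ".join(reasons))
```

Many legitimate applications also load this library, so a hit is a lead for review rather than a verdict; the baseline has to be built from what normally runs in the environment.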