Coyote Banking Trojan Evolves: Now Targets WhatsApp Web and Crypto Exchanges via UI Automation

The cybersecurity landscape faces a new threat as researchers uncover an evolved version of the Coyote banking trojan with new capabilities for automating financial fraud. This latest iteration marks a concerning development in banking malware sophistication: it weaponizes Microsoft's UI Automation framework, an accessibility system designed to assist users with disabilities, against financial platforms.

Technical Analysis:
The malware employs a multi-stage infection chain beginning with phishing campaigns distributing malicious JavaScript files (.js). Once executed, it establishes persistence and downloads additional payloads that include the UI Automation abuse module. Unlike traditional banking trojans that rely on overlay attacks, Coyote's new variant uses Microsoft UI Automation APIs to:

1) Programmatically interact with banking application interfaces
2) Extract sensitive data through screen scraping techniques
3) Automate fraudulent transactions while mimicking human behavior patterns

WhatsApp Web has emerged as a primary attack vector, where the trojan hijacks active sessions to bypass two-factor authentication (2FA) mechanisms. The malware monitors browser activity and injects malicious JavaScript when detecting visits to banking or cryptocurrency exchange portals.

Impact on Crypto Platforms:
The trojan demonstrates specific functionality targeting cryptocurrency exchanges, with capabilities to:

  • Modify transaction details during the confirmation process
  • Alter destination wallet addresses for fund transfers
  • Bypass some implementations of transaction verification systems

Defensive Recommendations:
Security teams should prioritize:
1) Application allowlisting to prevent unauthorized program execution
2) Network traffic monitoring for connections to known C2 servers
3) User education on recognizing sophisticated phishing attempts
4) Implementation of application sandboxing where feasible

The use of legitimate accessibility frameworks for malicious purposes presents particular detection challenges, requiring behavioral analysis rather than signature-based approaches. Enterprises in the financial sector should consider enhanced monitoring of UI Automation API usage patterns.
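One way to operationalize that monitoring, as an added example that is not from the article or from the researchers it cites: a small Python checker over Sysmon-style process-create (Event ID 1) and image-load (Event ID 7) events that flags unexpected loaders of UIAutomationCore.dll. The allowlist, the sample events, the file paths and the process GUIDs are constructed assumptions, not telemetry from the campaign.

```python
"""Flag unexpected loaders of UIAutomationCore.dll in Sysmon-style events.
Constructed example: Event ID 1 supplies each process's parent, Event ID 7 shows
which process loaded the UI Automation library; loaders that are unsigned, not
allowlisted, or spawned by a script host (the .js delivery chain) are reported."""
import json

# Images expected to use UI Automation; assumed set, tune per environment.
UIA_ALLOWLIST = {r"c:\windows\system32\narrator.exe", r"c:\windows\system32\magnify.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def find_suspicious_uia_loaders(lines, allowlist=UIA_ALLOWLIST):
    """Return one alert dict per UIAutomationCore.dll load that looks wrong."""
    parents = {}  # ProcessGuid -> ParentImage, learned from Event ID 1
    alerts = []
    for line in lines:
        ev = json.loads(line)
        guid = ev["ProcessGuid"]
        if ev["EventID"] == 1:
            parents[guid] = ev.get("ParentImage", "")
            continue
        if ev["EventID"] != 7 or _basename(ev["ImageLoaded"]) != "uiautomationcore.dll":
            continue
        reasons = []
        if ev["Image"].lower() not in allowlist:
            reasons.append("not allowlisted")
        if ev.get("Signed", "false").lower() != "true":
            reasons.append("unsigned")
        if _basename(parents.get(guid, "")) in SCRIPT_HOSTS:
            reasons.append("spawned by script host")
        if reasons:
            alerts.append({"image": ev["Image"], "pid": ev["ProcessId"], "reasons": reasons})
    return alerts


# Constructed sample telemetry (not real events); raw strings preserve JSON escapes.
SAMPLE_EVENTS = [
    r'{"EventID":1,"ProcessGuid":"{A}","ProcessId":4120,"Image":"C:\\Windows\\System32\\narrator.exe","ParentImage":"C:\\Windows\\explorer.exe"}',
    r'{"EventID":7,"ProcessGuid":"{A}","ProcessId":4120,"Image":"C:\\Windows\\System32\\narrator.exe","ImageLoaded":"C:\\Windows\\System32\\UIAutomationCore.dll","Signed":"true"}',
    r'{"EventID":1,"ProcessGuid":"{B}","ProcessId":7788,"Image":"C:\\Users\\u\\AppData\\Roaming\\updater.exe","ParentImage":"C:\\Windows\\System32\\wscript.exe"}',
    r'{"EventID":7,"ProcessGuid":"{B}","ProcessId":7788,"Image":"C:\\Users\\u\\AppData\\Roaming\\updater.exe","ImageLoaded":"C:\\Windows\\System32\\UIAutomationCore.dll","Signed":"false"}',
    r'{"EventID":7,"ProcessGuid":"{C}","ProcessId":9001,"Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","ImageLoaded":"C:\\Windows\\System32\\ntdll.dll","Signed":"true"}',
]

if __name__ == "__main__":
    for alert in find_suspicious_uia_loaders(SAMPLE_EVENTS):
        print(alert)
```

In production the allowlist should be derived from a baseline of which signed images legitimately load the library in your estate, and the same correlation can be fed from EDR process-tree data instead of Sysmon.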

NewsSearcher AI-powered news aggregation