A multi-stage banking Trojan abusing the Squirrel installer [Thursday, February 08, 2024]


Description :
A new banking Trojan called Coyote uses the Squirrel installer for distribution and leverages NodeJS and the Nim programming language as a loader to infect victims. It specifically targets users of over 60 banking institutions in Brazil. Coyote achieves persistence by abusing Windows logon scripts and monitors banking applications, sending information to C2 servers, which respond with actions such as keylogging and taking screenshots.

Published : 2024-02-08 14:43:28
Created : 2024-02-08 14:43:28
Modified : 2024-02-08 15:25:22

Indicators

Domains :
Malwares :
  • Coyote
Hashes :
  • eb615c093e9b52ed409f426764857e6e42aa85e02adef59d6f1457dcbb90bb40
  • 1bed3755276abd9b54db13882fcf29c543ebf604be3b7fcf060cbd6d68bcd23f
Location :
  • Brazil
MITRE ATT&CK Techniques :
Other observables :
  • Finance

About the author
Julien B.

Securitricks