Coyote Banking Trojan: A Stealthy Attack via LNK Files
Essential information
- Published: 31/01/2025 09:53
- Modified: 31/01/2025 11:06
- Tags: 2025-01-31 coyote banking trojan lnk files phishing
- Related entities: 15 techniques (mitre), 1 malware, 2 others
Description
A sophisticated multi-stage attack utilizing LNK files to deliver the Coyote Banking Trojan has been identified, primarily targeting Brazilian financial applications. The malware employs PowerShell commands, shellcode injection, and registry manipulation to establish persistence and evade detection. It monitors user activity, captures sensitive information from over 1,000 targeted websites and 73 financial agents, and communicates with command and control servers. The Trojan's capabilities include keylogging, screenshot capture, and displaying phishing overlays. This complex attack highlights the need for robust cybersecurity measures to protect against evolving threats in the financial sector.