Coyote Banking Trojan: A Stealthy Attack via LNK Files

Published 31/01/2025 09:53 · Modified 31/01/2025 11:06

Essential information

Tags
2025-01-31 coyote banking trojan lnk files phishing
Related entities
15 techniques (mitre), 1 malware, 2 others

Description

A sophisticated multi-stage attack that uses LNK files to deliver the Coyote Banking Trojan has been identified, primarily targeting Brazilian financial applications. The malware employs PowerShell commands, shellcode injection, and registry manipulation to establish persistence and evade detection. It monitors user activity, captures sensitive information from over 1,000 targeted websites and 73 financial agents, and communicates with command and control servers. The Trojan's capabilities include keylogging, screenshot capture, and displaying overlays. This complex attack highlights the need for robust cybersecurity measures to protect against evolving threats in the financial sector.

External references