Attacks with the novel Coyote banking trojan have been deployed against 61 banks across Brazil, The Hacker News reports.
Intrusions with Coyote commence with the delivery of a malicious Squirrel installer executable that would deploy an Electron-compiled NodeJS app, which would execute the banking trojan once the Nim-based loader completes DLL side-loading, a report from Kaspersky revealed. Various banking apps are then monitored by Coyote, which could facilitate screenshot capturing, process termination, keystroke logging, and machine shutdowns, according to researchers.
"The addition of Nim as a loader adds complexity to the trojan's design. This evolution highlights the increasing sophistication within the threat landscape and shows how threat actors are adapting and using the latest languages and tools in their malicious campaigns," said Kaspersky.
Such a threat in Latin America comes after operations of the Grandoreiro banking trojan had been disrupted by Brazilian law enforcement in late January.
