Security researchers have identified a new variant of the Coyote banking malware that abuses a built-in Windows accessibility feature to steal banking credentials. Documented by Akamai, a cybersecurity firm that helps prevent, detect and mitigate cyberthreats, the variant uses Microsoft's UI Automation (UIA) framework to work out which banking and cryptocurrency exchange websites the victim is visiting, so that it can go after wallets and banking information.
For those wondering, UI Automation is the accessibility API Microsoft built so that assistive technologies such as screen readers can programmatically read and drive the user-interface elements of other applications. Any process can act as such a client, so anything a screen reader can see in a browser window, a piece of malware can read too. Coyote itself is not new: earlier variants, delivered through the Squirrel installer, a popular tool for installing and updating Windows applications, relied on keylogging and phishing overlays to harvest banking information.
Researchers say the malware first sends its command-and-control (C2) server a profile of the victim: computer name, user name, system attributes and which financial services the victim uses. It then calls the Windows API GetForegroundWindow() to obtain a handle to the currently active window, reads that window's title and compares it against a hardcoded list of banking websites and cryptocurrency exchanges. If no target appears in the title, it falls back to UI Automation: it walks the UIA tree beneath the foreground window to find the browser's tabs and address bar, reads the web address from there and compares it against the same list.
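The following Windows PowerShell 5.1 script is an added example, not Coyote's code and not Akamai's proof of concept. It reproduces the two-stage check just described: read the foreground window's title and, only if nothing matches, walk that window's UI Automation tree for URL-looking text. The target list is a constructed placeholder and the function names are the author's own.

```powershell
# Added example, not Coyote's code: the two-stage foreground-window check
# described in the article. Requires Windows PowerShell 5.1 (managed UIA client).
Add-Type -AssemblyName UIAutomationClient
Add-Type -AssemblyName UIAutomationTypes

# The two user32 calls stage 1 needs: foreground window handle and its title.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
using System.Text;
public static class Win32 {
    [DllImport("user32.dll")]
    public static extern IntPtr GetForegroundWindow();
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    public static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count);
}
"@

# Constructed stand-in for the malware's hardcoded bank/exchange list.
$Targets = @('examplebank', 'examplecrypto')

function Get-ForegroundWindowInfo {
    # Stage 1: handle and title of whatever window the user is looking at.
    $hwnd = [Win32]::GetForegroundWindow()
    $sb = [System.Text.StringBuilder]::new(1024)
    [void][Win32]::GetWindowText($hwnd, $sb, $sb.Capacity)
    [pscustomobject]@{ Handle = $hwnd; Title = $sb.ToString() }
}

function Get-UiaTextValues {
    param([IntPtr]$Hwnd)
    # Stage 2: walk the UIA tree below the foreground window and read every
    # Edit control that exposes ValuePattern. In Chromium, Edge and Firefox the
    # address bar is such a control and its Value is the current URL.
    $root = [System.Windows.Automation.AutomationElement]::FromHandle($Hwnd)
    $isEdit = [System.Windows.Automation.PropertyCondition]::new(
        [System.Windows.Automation.AutomationElement]::ControlTypeProperty,
        [System.Windows.Automation.ControlType]::Edit)
    $scope = [System.Windows.Automation.TreeScope]::Descendants
    foreach ($el in $root.FindAll($scope, $isEdit)) {
        $vp = $null
        if ($el.TryGetCurrentPattern([System.Windows.Automation.ValuePattern]::Pattern, [ref]$vp)) {
            $v = $vp.Current.Value
            if ($v -and $v -like '*.*') { $v }   # keep only URL-looking text
        }
    }
}

function Find-Target {
    param([string[]]$Candidates)
    # Case-insensitive substring match, the same loose comparison a title check needs.
    foreach ($c in $Candidates) {
        if (-not $c) { continue }
        foreach ($t in $Targets) {
            if ($c.ToLowerInvariant().Contains($t)) { return $t }
        }
    }
    return $null
}

Write-Host 'Switch to a browser window; sampling the foreground window in 5 seconds...'
Start-Sleep -Seconds 5

$fg  = Get-ForegroundWindowInfo
$hit = Find-Target @($fg.Title)                       # stage 1: title only
$via = 'window title'
if (-not $hit) {                                      # stage 2: UIA fallback
    $hit = Find-Target @(Get-UiaTextValues -Hwnd $fg.Handle)
    $via = 'UI Automation'
}
if ($hit) { "target '$hit' found via $via in: $($fg.Title)" }
else      { "no target in foreground window: $($fg.Title)" }
```

Two things worth noticing when running it. First, it needs no elevation: the accessibility API is available to any process in the user's session, which is exactly what makes it attractive to malware. Second, Chromium-based browsers only populate their accessibility tree once a client starts querying it, so the first FindAll call may come back sparse and a second run is usually needed; a real implant simply polls.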
While this variant's use of UIA is limited to reconnaissance, Akamai's researchers have shared a proof of concept showing how the same framework can be used to read login credentials as they are entered on these websites, so the technique has obvious room to grow. The malware currently targets Brazilian users, but researchers note that criminals commonly trial new malware in a single region before deploying it more widely.
Separately, researchers recently came across LameHug, described as the first known malware to use a large language model to generate the commands it runs; it is delivered inside ZIP archives and targets Windows machines.