CyberProof researchers have uncovered a connection between the banking trojans Maverick and Coyote, both targeting Brazilian users via WhatsApp downloads. These malware families share code, infection methods, and attack patterns, highlighting a sophisticated and coordinated threat against financial institutions in Brazil.
Key points
- Both Maverick and Coyote malware target Brazilian financial institutions and cryptocurrency exchanges.
- The malware spreads through WhatsApp by using shortcut (.lnk) files that spawn PowerShell processes.
- Advanced obfuscation techniques, including nested encoding and multi-stage payloads, are employed to evade detection.
- The malware uses AES + GZIP to decrypt banking URLs and maintains persistence through batch files.
- CyberProof has provided hunting queries to help organizations detect suspicious WhatsApp file downloads and related malware activity.
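The delivery chain in the key points (a .lnk file arriving via WhatsApp, followed by PowerShell carrying encoded content) can be hunted by correlating file-write and process-creation telemetry. The Python below is an added example, not CyberProof's hunting query; the event field names, the 10-minute window and the sample events are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed, normalized EDR field names (host, time, writer, folder, file_name, image, command_line).
RISKY_EXT = (".lnk",)                      # shortcut files, per the key points
ENCODED_PS = re.compile(r"(?i)\s-(e|ec|en[a-z]*)\s|frombase64string")
WINDOW = timedelta(minutes=10)             # assumed correlation window

def whatsapp_drops(file_events):
    """File writes with a risky extension whose writer or folder mentions WhatsApp."""
    return [e for e in file_events
            if e["file_name"].lower().endswith(RISKY_EXT)
            and "whatsapp" in (e["writer"] + e["folder"]).lower()]

def suspicious_powershell(proc_events):
    """PowerShell launches whose command line carries an encoded payload."""
    return [e for e in proc_events
            if e["image"].lower().endswith(("powershell.exe", "pwsh.exe"))
            and ENCODED_PS.search(e["command_line"])]

def correlate(file_events, proc_events):
    """Pair each WhatsApp drop with encoded PowerShell on the same host within WINDOW."""
    hits = []
    for d in whatsapp_drops(file_events):
        for p in suspicious_powershell(proc_events):
            delta = p["time"] - d["time"]
            if p["host"] == d["host"] and timedelta(0) <= delta <= WINDOW:
                hits.append((d["host"], d["file_name"], p["command_line"][:60]))
    return hits

# Constructed sample telemetry (not real indicators).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
T0 = datetime(2025, 1, 1, 9, 0, 0)
FILES = [
    {"host": "ws-01", "time": T0, "writer": "WhatsApp.exe",
     "folder": r"C:\Users\a\Downloads", "file_name": "document.lnk"},
    {"host": "ws-02", "time": T0, "writer": "chrome.exe",
     "folder": r"C:\Users\b\Downloads", "file_name": "report.pdf"},
]
PROCS = [
    {"host": "ws-01", "time": T0 + timedelta(minutes=2), "image": PS,
     "command_line": "powershell.exe -w hidden -enc <BASE64-PLACEHOLDER>"},
    {"host": "ws-02", "time": T0 + timedelta(minutes=1), "image": PS,
     "command_line": r"powershell.exe -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for hit in correlate(FILES, PROCS):
        print(hit)
```

Time-window correlation is used because a launched shortcut usually appears in process telemetry with the shell as parent, so the .lnk name is often absent from the PowerShell event itself.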
Read More: https://gbhackers.com/maverick-and-coyote/