A new variant of the Coyote banking Trojan exploits Microsoft's UI Automation (UIA) framework to steal credentials from targeted banking and cryptocurrency websites. This innovative abuse of accessibility tools marks a significant evolution in malware techniques targeting financial data. #CoyoteTrojan #UIAutomation
Keypoints
- The Coyote banking Trojan is now using UIA to access user interface elements of applications.
- This malware targets 75 banking and cryptocurrency websites in Brazil by analyzing window titles and UI elements.
- UIA, originally meant to help accessibility, is exploited by criminals to retrieve sensitive user information.
- Coyote employs techniques like keylogging, phishing overlays, and masquerading as update tools to evade security measures.
- The malware collects victim data such as usernames, device info, and targeted financial institutions, then transmits it to an attacker-controlled server.
Read More: https://www.theregister.com/2025/07/24/coyote_malware_microsoft_uia/