A new version of the banking trojan ‘Coyote’ is utilizing Windows’ UI Automation framework to identify and steal credentials from targeted banking and cryptocurrency websites. This technique, first seen in the wild in February 2025, allows malware to evade detection by accessing UI elements directly.
Key points
- Coyote malware now exploits Microsoft’s UI Automation framework for credential theft.
- The technique targets browsing interfaces to identify and access banking and exchange sites.
- Attackers can use UIA to parse UI elements if traditional detection methods fail.
- The malware primarily targets Brazilian users and popular financial apps.
- Security experts urge Microsoft to implement safeguards against UIA abuse to prevent data theft.