Summary: Brazilian Windows users are being targeted by a sophisticated banking malware campaign known as Coyote, which performs malicious activities such as keylogging and credential theft. The malware is initially delivered through LNK files that run PowerShell commands, and it can extract sensitive information from over 1,030 websites and 73 financial agents. Its complex, multi-stage infection process helps it evade detection and increases its potential threat to the financial sector.
Affected: Brazilian Windows users, financial institutions
Keypoints:
- Malware capable of keylogging, screenshot capture, and phishing overlays.
- Initial delivery via LNK files executing PowerShell commands to retrieve malicious payloads.
- Expanded target list includes over 1,030 sites and 73 financial entities in Brazil.
Source: https://thehackernews.com/2025/02/coyote-malware-expands-reach-now.html