New Coyote Malware Exploits Microsoft's UI Automation to Steal Brazilian Users' Financial Data
Cybersecurity experts have warned of a new threat exploiting Microsoft's UI Automation. Dubbed Coyote malware, it's the first to use this framework for malicious purposes, targeting Brazilian users' financial data.
Akamai security researchers have discovered a novel variant of Coyote malware, which employs Microsoft's UI Automation to carry out attacks. This framework, designed for accessibility purposes, is now being abused for data extraction and manipulation.
Coyote malware, first mentioned in Akamai's 2023 research, uses UI Automation to delve into UI elements and extract concealed web addresses. This information is then used for credential theft, targeting Brazilian users across 75 banks and crypto platforms. To detect such abuses, administrators should monitor for unknown processes loading Microsoft UI Automation and specific named pipes.
The adoption of Microsoft's UI Automation by malware authors, as seen with Coyote malware, highlights the evolving nature of cyber threats. Users and administrators must remain vigilant and implement robust security measures to protect against these novel attack methods.
