Banks and Cryptocurrency Platforms at Risk from New Malware Variant Using Microsoft's UI Automation Framework
By Ainvest
Friday, July 25, 2025, 9:51 pm ET, 1 min read
A new variant of the Coyote malware family has been detected, employing Microsoft's UI Automation (UIA) framework to target sensitive banking data. This development poses a significant threat to both banking and cryptocurrency users, particularly in Brazil, where it aims to capture user information related to 75 different banks and cryptocurrency platforms. The Coyote malware family was first detected in February 2024 and has been spreading through phishing layers and keyloggers. Cybersecurity experts warn of the misuse of Microsoft's UIA technology and urge users to be cautious about unknown file attachments and organizations to update systems and educate personnel about such malware threats.
Coyote malware has traditionally employed keylogging and phishing overlays to steal banking information. However, the new variant marks a significant escalation, using UIA to automate the extraction of sensitive data. This technique allows Coyote to parse through UI elements of active windows, identify banking and cryptocurrency platforms, and extract credentials without the need for human intervention. The malware sends this information to command-and-control servers, enabling attackers to carry out credential stuffing attacks and compromise user accounts [1].
The use of UIA by Coyote highlights the growing sophistication of malware techniques and the need for robust cybersecurity measures. Cybersecurity experts recommend monitoring the use of the `UIAutomationCore.dll` and named pipes opened by UIA as indicators of malicious activity. Additionally, organizations should update their systems and educate personnel about the threat posed by Coyote and other malware families.
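One way to act on the monitoring recommendation above, as an added example that is not from the article or the research it cites: a Python triage pass over Sysmon-style events that reports processes outside an allow-list that load `UIAutomationCore.dll` or touch a UIA named pipe. The `UIA_PIPE` name prefix, the allow-list entries, the dict layout and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Sysmon event IDs: 7 = image load, 17 = pipe created, 18 = pipe connected.
IMAGE_LOAD, PIPE_EVENTS = 7, (17, 18)
UIA_DLL = "uiautomationcore.dll"
UIA_PIPE_PREFIX = "\\uia_pipe"  # assumption: pipe-name prefix, not given in the article

# Hypothetical allow-list of programs expected to use UIA on this fleet.
# Basename matching is for brevity; match full path and signer in production.
EXPECTED_UIA_CLIENTS = {"narrator.exe", "explorer.exe"}

# Constructed sample events (Sysmon fields reduced to dicts), not real telemetry.
SYS32 = "C:\\Windows\\System32\\"
HELPER = "C:\\Users\\ana\\AppData\\Roaming\\upd\\helper.exe"
TOOL = "C:\\Program Files\\Tool\\tool.exe"
SAMPLE_EVENTS = [
    {"id": 7, "Image": SYS32 + "Narrator.exe", "ImageLoaded": SYS32 + "UIAutomationCore.dll"},
    {"id": 7, "Image": HELPER, "ImageLoaded": SYS32 + "UIAutomationCore.dll"},
    {"id": 17, "Image": HELPER, "PipeName": "\\UIA_PIPE_4312_1a2b"},
    {"id": 7, "Image": TOOL, "ImageLoaded": SYS32 + "kernel32.dll"},
    {"id": 18, "Image": TOOL, "PipeName": "\\UIA_PIPE_990_ffee"},
]

def indicator(event):
    """Return 'dll', 'pipe' or None for a single event."""
    if event["id"] == IMAGE_LOAD:
        if ntpath.basename(event.get("ImageLoaded", "")).lower() == UIA_DLL:
            return "dll"
    elif event["id"] in PIPE_EVENTS:
        if event.get("PipeName", "").lower().startswith(UIA_PIPE_PREFIX):
            return "pipe"
    return None

def find_unexpected_uia(events, allowlist=EXPECTED_UIA_CLIENTS):
    """Map each non-allow-listed process image to the UIA indicators it showed."""
    hits = {}
    for ev in events:
        kind = indicator(ev)
        image = ev.get("Image", "")
        if kind and ntpath.basename(image).lower() not in allowlist:
            hits.setdefault(image, set()).add(kind)
    return hits

def triage(hits):
    """Order images for review: both indicators first, then by path."""
    return sorted(hits, key=lambda img: (-len(hits[img]), img))
```

UIA is also used by legitimate accessibility and test-automation software, so hits are leads for review rather than verdicts; the allow-list needs to reflect what is actually deployed.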
Microsoft has been proactive in addressing vulnerabilities in its products, including the recent emergency security update for a critical SharePoint vulnerability being actively exploited by state-affiliated cyber actors. However, the misuse of UIA by Coyote underscores the ongoing challenge of protecting against sophisticated threats [2].
As the threat landscape continues to evolve, it is crucial for both users and organizations to stay vigilant and adopt proactive cybersecurity measures. This includes keeping systems up-to-date, educating personnel about potential threats, and implementing robust security protocols to mitigate the risk of data breaches.
References:
[1] https://www.akamai.com/blog/security-research/active-exploitation-coyote-malware-first-ui-automation-abuse-in-the-wild
[2] https://www.scworld.com/brief/updated-coyote-trojan-exploits-microsoft-ui-automation
[3] https://www.ainvest.com/news/microsoft-probes-suspected-mapp-leak-enabling-chinese-hackers-exploit-sharepoint-vulnerability-2507/