
Coyote Banking Trojan: A Stealthy Attack via LNK Files

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A sophisticated multi-stage attack utilizing LNK files to deliver the Coyote Banking Trojan has been identified, primarily targeting Brazilian financial applications. The malware employs PowerShell commands, shellcode injection, and registry manipulation to establish persistence and evade detection. It monitors user activity, captures sensitive information from over 1,000 targeted websites and 73 financial agents, and communicates with command and control servers. The Trojan's capabilities include keylogging, screenshot capture, and displaying phishing overlays. This complex attack highlights the need for robust cybersecurity measures to protect against evolving threats in the financial sector.

OPENCTI LABELS:

phishing, lnk files, coyote banking trojan


Open in the NetmanageIT OpenCTI public instance with the link below:


NOTE: Use the public read-only username and password shown on the login page banner.


Coyote Banking Trojan: A Stealthy Attack via LNK Files