New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

silversurfer

Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote.

"This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection," Russian cybersecurity firm Kaspersky said in a Thursday report.

What makes Coyote a different breed from other banking trojans of its kind is the use of the open-source Squirrel framework for installing and updating Windows apps. Another notable departure is the shift from Delphi – which is prevalent among banking malware families targeting Latin America – to an uncommon programming language like Nim.

In the attack chain documented by Kaspersky, a Squirrel installer executable is used as a launchpad for a Node.js application compiled with Electron, which, in turn, runs a Nim-based loader to trigger the execution of the malicious Coyote payload by means of DLL side-loading.
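As an added example (not part of the quoted report, and not Kaspersky's tooling), here is a hunting heuristic for the chain described above: flag an unsigned DLL loaded from the executable's own directory when that process descends from an app running in a Squirrel-style per-user install directory. The event schema, paths and file names are constructed for illustration.

```python
import ntpath
import re

# Squirrel.Windows installs per-user under %LocalAppData%\<app>\app-<version>\
SQUIRREL_DIR = re.compile(r"\\appdata\\local\\[^\\]+\\app-\d[\w.\-]*\\", re.I)

# Constructed telemetry (hypothetical schema): process starts and image loads.
U = r"C:\Users\alice"
APP = U + r"\AppData\Local\ExampleApp"
EVENTS = [
    {"kind": "process", "pid": 10, "ppid": 1, "image": APP + r"\Update.exe"},
    {"kind": "process", "pid": 11, "ppid": 10,
     "image": APP + r"\app-1.0.0\ExampleApp.exe"},
    {"kind": "image_load", "pid": 11, "signed": True,
     "dll": APP + r"\app-1.0.0\ffmpeg.dll"},
    {"kind": "process", "pid": 12, "ppid": 11, "image": U + r"\Videos\viewer.exe"},
    {"kind": "image_load", "pid": 12, "signed": True,
     "dll": r"C:\Windows\System32\kernel32.dll"},
    {"kind": "image_load", "pid": 12, "signed": False,
     "dll": U + r"\Videos\helper.dll"},
    {"kind": "process", "pid": 20, "ppid": 1,
     "image": r"C:\Program Files\Tool\tool.exe"},
    {"kind": "image_load", "pid": 20, "signed": False,
     "dll": r"C:\Program Files\Tool\plugin.dll"},
]

def in_squirrel_tree(pid, procs):
    """True if pid or any ancestor runs from a Squirrel-style app directory."""
    seen = set()
    while pid in procs and pid not in seen:  # 'seen' guards against PID loops
        seen.add(pid)
        if SQUIRREL_DIR.search(procs[pid]["image"]):
            return True
        pid = procs[pid]["ppid"]
    return False

def find_sideload_candidates(events):
    """Return (exe, dll) pairs worth triaging as possible DLL side-loading."""
    procs, hits = {}, []
    for ev in events:
        if ev["kind"] == "process":
            procs[ev["pid"]] = ev
        elif ev["kind"] == "image_load" and ev["pid"] in procs:
            exe = procs[ev["pid"]]["image"]
            same_dir = (ntpath.dirname(ev["dll"]).lower()
                        == ntpath.dirname(exe).lower())
            if same_dir and not ev["signed"] and in_squirrel_tree(ev["pid"], procs):
                hits.append((exe, ev["dll"]))
    return hits
```

Legitimate Squirrel-installed apps that ship unsigned DLLs will also match, so treat hits as triage leads rather than verdicts.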