Russian cybersecurity firm Kaspersky has identified a new malware, “Coyote,” which has been seen to be broadly targeted banking applications in Brazil, with sixty-one (61) banks affected so far. Coyote has a sophisticated infection chain that first, utilizes the Squirrel installer for distribution. Squirrel is a legitimate open source tool that is used to install and update Windows desktop applications. To complete its infection, Coyote leverages NodeJS and Nim. Coyote uses string obfuscation with AES encryption to hide from detection. It is currently known for twelve (12) malicious functionalities.

Because of Coyote’s unique infection chain, researchers anticipate it will be harder for cybersecurity teams to detect. Currently, 90% of Coyote infections have originated from Brazil, but companies outside of Brazil will also want to be on the lookout for this banking Trojan as it continues to develop. Historically, Brazilian banking Trojans have been used to attack banks globally.

Authored by Nathan Salminen and Rachel Dalton.