It's the first known instance of malware that abuses the UIA framework and has enabled dozens of attacks against banks and crypto exchanges in Brazil.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

The Coyote banking trojan has become the first known malware to exploit Windows UI Automation framework to steal banking credentials. Active since February 2024, it targets users of 75 banks and crypto exchanges in Brazil by using the accessibility framework to extract sensitive information from browser tabs and address bars. The malware operates both online and offline, continuously searching for banking-related content and sending data to command-and-control servers. This represents a significant evolution in malware tactics, as attackers abuse legitimate Windows features to evade detection while maintaining persistent access to victim systems.

Banking Trojan Coyote Abuses Windows UI Automation