Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. “This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection,” Russian cybersecurity firm Kaspersky said in a Thursday report. What Read More
Coyote: A multi-stage banking Trojan abusing the Squirrel installer
This malware utilizes the Squirrel installer for distribution, leveraging NodeJS and a relatively new multiplatform programming language called Nim as a loader to complete its infection. We have named this newly discovered Trojan “Coyote” due to the role of coyotes as natural predators of squirrels. The Nim language defines itself as a “statically typed compiled systems programming language that combines successful concepts from mature languages like Python, Ada and Modula”. The adoption of less popular/cross-platform languages by cybercriminals is something we identified as a trend in our Crimeware and financial cyberthreats for 2024.