A multi-stage banking Trojan abusing the Squirrel installer
released on 2024-02-08 @ 02:43:29 PM
A new banking Trojan called Coyote uses the Squirrel installer for distribution and leverages Node.js and the Nim programming language as a loader to infect victims. It specifically targets users of over 60 banking institutions in Brazil. Coyote achieves persistence by abusing Windows logon scripts and monitors banking applications, sending information to C2 servers, which respond with actions such as keylogging and taking screenshots.