Dangerous new malware exploits Windows accessibility tools to hijack banking accounts

Banking trojan Coyote now abuses Microsoft’s UI Automation framework
The framework allows it to spot when a person opens a banking site
It can cross-reference the data in the browser with a hardcoded list of banking and crypto apps

Coyote, a known banking trojan

Get Keeper’s Personal Password Manager plan for just $1.67/month

Keeper is a password manager with top-notch security. It’s fast, full-featured, and offers a robust web interface. The Personal Plan gets you unlimited password storage across all your devices, auto-login & autofill to save time, secure password sharing with trusted contacts, biometric login & 2FA for added security.View Deal

Brazilians in the crosshairs

Microsoft’s UI Automation (UIA) framework is an accessibility system that helps software interact with Windows apps.

It’s especially useful for things like screen readers and automated testing, as it lets programs “see” buttons, menus, and other parts of an app, and even click or read them.

According to Akamai, Coyote can now use UIA to read the web address found in the browser’s tabs or address bar, and then compare the results with a hardcoded list of 75 targeted services. If it finds a match, it will use UIA to parse through the UI child elements, trying to find which tabs or address bars there are.

“The content of these UI elements will then be cross-referenced with the same list of addresses from the first comparison,” they explained.

Akamai says that Coyote primarily targets Brazilian users. The banks it usually goes after are Banco do Brasil, CaixaBank, Banco Bradesco, Santander, Original bank, Sicredi, Banco do Nordeste, Expanse apps, and different crypto exchanges (Binance, Electrum, Bitcoin, Foxbit, and more).

The researchers first warned about UIA being abused in credential theft late last year, and now their predictions seem to have come true, since Coyote is apparently the first one to use this tactic in the wild.

Via BleepingComputer