Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Coyote. Show all posts
Windows
Coyote Data Theft malware Microsoft UIA Windows

New Coyote Malware Variant Exploits Windows Accessibility Tool for Data Theft

 




A recently observed version of the banking malware known as Coyote has begun using a lesser-known Windows feature, originally designed to help users with disabilities, to gather sensitive information from infected systems. This marks the first confirmed use of Microsoft’s UI Automation (UIA) framework by malware for this purpose in real-world attacks.

The UI Automation framework is part of Windows’ accessibility system. It allows assistive tools, such as screen readers, to interact with software by analyzing and controlling user interface (UI) elements, like buttons, text boxes, and navigation bars. Unfortunately, this same capability is now being turned into a tool for cybercrime.


What is the malware doing?

According to recent findings from cybersecurity researchers, this new Coyote variant targets online banking and cryptocurrency exchange platforms by monitoring user activity on the infected device. When a person accesses a banking or crypto website through a browser, the malware scans the visible elements of the application’s interface using UIA. It checks things like the tab names and address bar to figure out which website is open.

If the malware recognizes a target website based on a preset list of 75 financial services, it continues tracking activity. This list includes major banks and crypto platforms, with a focus on Brazilian users.

If the browser window title doesn’t give away the website, the malware digs deeper. It uses UIA to scan through nested elements in the browser, such as open tabs or address bars, to extract URLs. These URLs are then compared to its list of targets. While current evidence shows this technique is being used mainly for tracking, researchers have also demonstrated that it could be used to steal login credentials in the future.


Why is this alarming?

This form of cyberattack bypasses many traditional security tools like antivirus programs or endpoint detection systems, making it harder to detect. The concern grows when you consider that accessibility tools are supposed to help people with disabilities not become a pathway for cybercriminals.

The potential abuse of accessibility features is not limited to Windows. On Android, similar tactics have long been used by malicious apps, prompting developers to build stricter safeguards. Experts believe it may now be time for Microsoft to take similar steps to limit misuse of its accessibility systems.

While no official comment has been made regarding new protections, the discovery highlights how tools built for good can be misused if not properly secured. For now, the best defense remains being careful, both from users and from developers of operating systems and applications.



Read more »
Subscribe to: Posts (Atom)