Kaspersky Labs recently made a significant discovery in the field of cybersecurity, uncovering a new banking Trojan known as Coyote. This Trojan specifically targets users associated with more than 60 banking institutions in Brazil [7], but its reach has the potential to extend beyond the country’s borders.


Coyote is distributed via email and disguises itself as a Windows update [6], using a multi-stage installation strategy to evade detection by antivirus software [6]. It utilizes various components, including an open source installer called Squirrel [9], NodeJS [2] [3] [8] [9], and the nim programming language [1] [3] [5] [6] [8], which is uncommon for Trojans [6]. Once installed, Coyote monitors the victim’s activity on banking websites [6], capturing keystrokes [6], moving the mouse [6], and setting up fake pages to steal data [6]. The criminals behind Coyote can then use the stolen information to carry out financial transactions or make purchases with stolen credit card information [6].

Brazilian banking Trojans have a history of expanding globally [9], with reported attacks in countries like Australia, Europe [9], and Italy [9]. However, efforts by law enforcement to combat these attackers in Brazil have been limited [9]. As Coyote continues to target 61 online banking applications and evade detection [4], the ongoing fight against financial cybercrime remains a top priority.

Kaspersky’s researchers have conducted a thorough investigation, shedding light on Coyote’s advanced evasion tactics and the use of the Squirrel installer for distribution, a method not commonly associated with malware delivery [5] [7] [10]. To avoid falling victim to Coyote [6], users are advised to be cautious of emails from unknown or suspicious senders and to verify the server domain matches the original website [6].


The rise of this new banking Trojan highlights the importance of using the latest defenses to protect digital assets [5]. As Coyote primarily targets users affiliated with over 60 banking institutions in Brazil [5] [7] [10], it is crucial for individuals and organizations to remain vigilant and take necessary precautions. Efforts to combat these attackers in Brazil need to be strengthened, and international cooperation is essential to mitigate the global impact of such cyber threats.


[1] https://thenewsglory.com/new-virus-that-diverts-transfers-in-more-than-60-banks-is-detected/
[2] https://securityonline.info/update-beware-coyote-trojan-uses-disguise-to-infiltrate-brazilian-banks/
[3] https://www.443news.com/2024/02/coyote-a-multi-stage-banking-trojan-abusing-the-squirrel-installer/
[4] https://bnnbreaking.com/tech/the-rise-of-coyote-a-new-threat-in-brazils-financial-malware-landscape
[5] https://vmblog.com/archive/2024/02/08/kaspersky-unveils-coyote-banking-trojan-targeting-over-60-institutions.aspx
[6] https://www1.folha.uol.com.br/tec/2024/02/brasileiros-criam-e-exportam-virus-que-desvia-transferencias-em-mais-de-60-bancos.shtml
[7] https://www.kaspersky.com/about/press-releases/2024coyote-ugly-kaspersky-unveils-banking-trojan-targeting-over-60-institutions
[8] https://ciso2ciso.com/coyote-a-multi-stage-banking-trojan-abusing-the-squirrel-installer-source-securelist-com/
[9] https://www.darkreading.com/threat-intelligence/coyote-malware-preying-61-banking-apps
[10] https://usa.kaspersky.com/about/press-releases/2024