Subj : Dangerous new malware exploits Windows accessibility tools to hij To : All From : TechnologyDaily Date : Wed Jul 23 2025 18:15:07 Dangerous new malware exploits Windows accessibility tools to hijack banking accounts Date: Wed, 23 Jul 2025 17:03:00 +0000 Description: Coyote malware wants to read the contents of your browser - just in case you open up a crypto exchange site. FULL STORY ======================================================================Banking trojan Coyote now abuses Microsofts UI Automation framework The framework allows it to spot when a person opens a banking site It can cross-reference the data in the browser with a hardcoded list of banking and crypto apps Coyote, a known banking trojan malware capable of attacking dozens of crypto and banking apps, has been upgraded to identify crypto exchanges and bank accounts opened in the web browser, experts have warned. Cybersecurity researchers Akamai, who have been warning about Coyote since December 2024, noted how in previous iterations, Coyote would either log keys or present phishing overlays, in order to exfiltrate login information for 75 banking and cryptocurrency exchange apps. However, if a user would open these accounts in the browser, Coyote wouldnt be triggered. However this new variant abuses Microsofts UI Automation framework to identify which banking and crypto exchange sites the victim opened in their browser, too. Get Keeper's Personal Password Manager plan for just $1.67/month Keeper is a password manager with top-notch security. It's fast, full-featured, and offers a robust web interface. The Personal Plan gets you unlimited password storage across all your devices, auto-login & autofill to save time, secure password sharing with trusted contacts, biometric login & 2FA for added security. View Deal Brazilians in the crosshairs Microsoft's UI Automation (UIA) framework is an accessibility system that helps software interact with Windows apps. Its especially useful for things like screen readers and automated testing, as it lets programs see buttons, menus, and other parts of an app, and even click or read them. According to Akamai, Coyote can now use UIA to read the web address found in the browsers tabs or address bar, and then compare the results with a hardcoded list of 75 targeted services. If it finds a match, it will use UIA to parse through the UI child elements, trying to find which tabs or address bars there are. "The content of these UI elements will then be cross-referenced with the same list of addresses from the first comparison, they explained. Akamai says that Coyote primarily targets Brazilian users. The banks it usually goes after are Banco do Brasil, CaixaBank, Banco Bradesco, Santander, Original bank, Sicredi, Banco do Nordeste, Expanse apps, and different crypto exchanges (Binance, Electrum, Bitcoin, Foxbit, and more). The researchers first warned about UIA being abused in credential theft late last year, and now their predictions seem to have come true, since Coyote is apparently the first one to use this tactic in the wild. Via BleepingComputer You might also like How to defend against AI-powered mobile banking trojan attacks Take a look at our guide to the best authenticator app We've rounded up the best password managers ====================================================================== Link to news story: https://www.techradar.com/pro/security/dangerous-new-malware-exploits-windows- accessibility-tools-to-hijack-banking-accounts --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .