× News Alerts AI News CyberSec News Let's Talk Local AI Bank Tech News Cyber Advisories Contact

Coyote malware steals data via Windows accessibility framework abuse

Newsroom - 22 July 2025 - 20:54

A new variant of the banking trojan 'Coyote' has begun abusing a Windows accessibility feature, Microsoft's UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft.

Coyote malware steals data via Windows accessibility framework abuse

A novel variant of the 'Coyote' banking trojan has emerged. This new iteration has initiated the exploitation of a Windows accessibility feature, specifically Microsoft's UI Automation framework.

Its primary aim is to pinpoint banking and cryptocurrency exchange websites accessed on a compromised device. This mechanism is leveraged to facilitate the potential theft of user credentials.

Coyote malware Windows accessibility data theft cryptocurrency exchange

Coyote malware steals data via Windows accessibility framework abuse

A new variant of the banking trojan 'Coyote' has begun abusing a Windows accessibility feature, Microsoft's UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft.

Subscribe for AI & Cybersecurity news and insights