Phone : +91 95 8290 7788 | Email :

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

Feb 09, 2024 Newsroom Endpoint Security / Cryptocurrency

Coyote Banking Trojan

Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote.

“This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection,” Russian cybersecurity firm Kaspersky said in a Thursday report.

What makes Coyote a different breed from other banking trojans of its kind is the use of the open-source Squirrel framework for installing and updating Windows apps. Another notable departure is the shift from Delphi – which is prevalent among banking malware families targeting Latin America – to an uncommon programming language like Nim.

In the attack chain documented by Kaspersky, a Squirrel installer executable is used as a launchpad for a Node.js application compiled with Electron, which, in turn, runs a Nim-based loader to trigger the execution of the malicious Coyote payload by means of DLL side-loading.

The malicious dynamic-link library, named “libcef.dll,” is side-loaded by means of a legitimate executable named “obs-browser-page.exe,” which is also included in the Node.js project. It’s worth noting that the original libcef.dll is part of the Chromium Embedded Framework (CEF).

Coyote, once executed, “monitors all open applications on the victim’s system and waits for the specific banking application or website to be accessed,” subsequently contacting an actor-controlled server to fetch next-stage directives.

Coyote Banking Trojan

It has the capability to execute a wide range of commands to take screenshots, log keystrokes, terminate processes, display fake overlays, move the mouse cursor to a specific location, and even shut down the machine. It can also outright block the machine with a bogus “Working on updates…” message while executing malicious actions in the background.

“The addition of Nim as a loader adds complexity to the trojan’s design,” Kaspersky said. “This evolution highlights the increasing sophistication within the threat landscape and shows how threat actors are adapting and using the latest languages and tools in their malicious campaigns.”

The development comes as Brazilian law enforcement authorities dismantled the Grandoreiro operation and issued five temporary arrest warrants and 13 search and seizure warrants for the masterminds behind the malware across five Brazilian states.

It also follows the discovery of a new Python-based information stealer that’s related to the Vietnamese architects associated with MrTonyScam and distributed via booby-trapped Microsoft Excel and Word documents.

The stealer “collects browsers’ cookies and login data […] from a wide range of browsers, from familiar browsers such as Chrome and Edge to browsers focused on the local market, like the Cốc Cốc browser,” Fortinet FortiGuard Labs said in a report published this week.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India













What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.


Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.


Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : | Support Email :

Register & Request Quote | Submit Support Ticket