Coyote is a stealthy Linux malware targeting Brazilian users, stealing banking and crypto credentials using Microsoft’s UI Automation framework. First found in February 2024, the malware spreads via the Squirrel installer and uses keylogging and phishing techniques. It’s hard to detect and persists after reboot. Users can stay safe by updating software, using trusted tools, enabling 2FA, and avoiding unofficial sources.
Researchers were caught off guard when they learned that Coyote steals bank credentials by actively abusing Microsoft’s UI Automation (UIA) framework in real-world environments. The activity was discovered by Akamai, a leading cybersecurity company known for its work in detecting, preventing, and mitigating cyberthreats. According to Tomer Peled, one of its researchers, a new strain of the Coyote malware is focusing on Brazilian users, using the UIA framework to steal login credentials from 75 banking and cryptocurrency websites.
Data collection and targeting method
Coyote malware is a harmful program that attacks Linux computers. According to the researchers, it was first discovered in February 2024 and has caused substantial harm in the Latin American region since then. Coyote hides inside the system and steals usernames and passwords by secretly watching when someone logs in. It’s hard to detect and can stay active even after the computer is restarted. It is a deceptive form of malware that uses techniques including keylogging and phishing overlays to steal banking information, and it uses the Squirrel installer to propagate itself across systems.
How to secure yourself
There are several ways to stay safe from Coyote malware: check your system regularly for any unusual changes or settings, keep your software and system updated to patch security holes, and use trusted security tools to scan for threats. Always install software from official or trusted sources. Use two-factor authentication (2FA) to protect your accounts. By taking these precautions you can protect your system from these types of malware. After the initial discovery of Coyote, many researchers came forward with detailed accounts of their findings, including research published by Fortinet in January 2025 and by Akamai in July 2025.
With inputs from Ahsan Khan.