Source URL: https://www.theregister.com/2025/07/24/coyote_malware_microsoft_uia/
Source: The Register
Title: Coyote malware abuses Microsoft’s UI Automation to hunt banking creds
Feedly Summary: Some coyotes hunt squirrels, this one hunts users’ financial apps
A new variant of the Coyote banking trojan abuses Microsoft’s UI Automation (UIA), making it the first reported malware to use UIA for credential theft.…
Summary: A new variant of the Coyote banking trojan uses Microsoft’s UI Automation (UIA) for credential theft. It is the first reported malware to use UIA this way, which raises new security concerns for developers and users of financial applications.
Detailed Description: The emergence of the Coyote banking trojan variant highlights the evolving landscape of cybersecurity threats. With its innovative use of UI Automation, the malware represents a novel approach to credential theft, which can circumvent traditional security measures.
**Key Points**:
– **New Malware Variant**: The Coyote banking trojan has introduced a variant that specifically targets financial applications.
– **Use of UI Automation**: This is the first reported instance of malware abusing Microsoft’s UI Automation feature for credential theft. UIA is typically used for accessibility features, making this a clever tactic by the attackers.
– **Credential Theft**: The primary goal of this variant is to steal user credentials from financial apps, posing a significant risk to victims’ financial security.
– **Implications for Developers**: Developers of financial applications need to strengthen their security measures against novel attacks that abuse legitimate system functionality.
This development should alert security professionals and organizations, particularly those involved in financial technology, to reassess their security protocols and consider integrating advanced detection methods that can identify both traditional and novel types of malware attacks.