Banking Malware Maverick and Coyote Linked via WhatsApp

Threat hunters have uncovered similarities between banking malware Coyote and Maverick, both targeting users and banks in a specific region. Both malware strains are written in .NET and feature identical functionality to decrypt banking URLs and monitor banking applications. Maverick, attributed to a threat actor dubbed Water Saci, spreads through WhatsApp Web and monitors active browser tabs for financial institution URLs. The malware establishes contact with a remote server to fetch commands and steal credentials. Cybersecurity firms have noted code overlaps between Maverick and Coyote, suggesting a possible evolution or shared development.

Latest mentioned: 11-11

Earliest mentioned: 11-11

Sources

thehackernews.com gbhackers.com

Also Read

Cyber-Attack Exploits Google Find Hub to Wipe Android Data

A new cyber-attack has been discovered exploiting Google’s Find Hub service to remotely wipe data from Android devices. The attack, linked to a long-running APT campaign, involved distributing malicious files disguised as stress-relief programs through a popular messenger. Attackers impersonated psychological counselors and human rights activists to gain trust. Once executed, the infected files obtained Google account credentials and triggered the Find Hub remote-wipe function, deleting all data on targeted smartphones and tablets. This marks the first confirmed case of a state-sponsored group abusing Google’s device management feature for destructive operations.

11-12Read more →