Coyote malware abuses Microsoft's UI Automation to hunt banking creds

A new variant of the Coyote banking trojan abuses Microsoft's UI Automation (UIA), making it the first reported malware to use UIA for credential theft.

According to Akamai, which documented the UIA abuse in a Tuesday report, this Coyote variant is being aimed at Brazilians, and has already used the Microsoft accessibility framework to pilfer user credentials linked to 75 banking institutes' web addresses and cryptocurrency exchanges.

UIA is an accessibility framework for Windows that allows assistive technology products — like screen readers —  and automated testing tools to interact with and retrieve information about the user interface elements of other applications. 

While it's intended to make apps more accessible to users with disabilities, criminals will find a way to abuse just about any software tool, even ones built with the best of intentions.

Last December, Akamai security researcher Tomer Peled detailed how attackers could abuse UIA to steal credentials ...