Researchers Expose Deep Connections Between Maverick and Coyote Banking Malware

Security researchers at CyberProof have uncovered critical connections between two sophisticated banking trojans Maverick and Coyote that are actively targeting Brazilian users through WhatsApp.

The discovery came after investigating a suspicious file download incident flagged through the messaging platform, leading to a comprehensive threat analysis that reveals alarming similarities between the two malware families.

The investigation began when CyberProof’s SOC team and threat hunters detected malicious file activity originating from WhatsApp downloads.

While the complete infection chain proved elusive due to failed command-and-control connections, VirusTotal hunting techniques allowed researchers to collect additional samples tied to the Brazilian-targeting campaign.

Cross-referencing this data with public research from security firms, including Kaspersky, Sophos, and Trend Micro, confirmed the relationship between these banking trojans and earlier variants, such as the WhatsApp worm and Sorvepotel malware.

The technical analysis reveals striking parallels between Maverick and Coyote, suggesting possible code sharing or ...