Coyote Malware Evolution: From Phishing to WhatsApp Hijacking

Cyber Security News by CyberSum.net

Published on October 29, 2025 at 09:00 AM

4 sources

Coyote malware, initially spread through phishing in 2022, evolved to use WhatsApp for propagation by 2025. The malware shifted from ZIP archives to spearphishing links and NuGet packages, eventually leveraging WhatsApp Web for mass distribution. By 2025, it employed modular architecture and sophisticated overlay windows to steal credentials. The campaign, identified as Water Saci, showcased advanced persistence and evasion techniques, highlighting the increasing sophistication of banking Trojans.

Also Read

Cyber Espionage Campaign SkyCloak Targets Military Personnel

Researchers at SEQRITE Labs have uncovered a stealthy cyber espionage campaign dubbed 'Operation SkyCloak,' targeting military personnel from multiple countries. The campaign uses a multi-stage PowerShell-based intrusion chain for persistent, covert remote access within military and defense networks. SkyCloak's unusual cross-border focus suggests an escalation in intelligence warfare, with the infection chain beginning with phishing ZIP archives disguised as military documents. The malware employs advanced evasion techniques, including anti-sandbox checks and Tor-based communication channels, to maintain stealthy operations.

By Cyber Security News by CyberSum.netNovember 3, 2025 at 09:00 AM