Attacks with the new Coyote trojan variant over the past month involved the deployment of an LNK file executing a PowerShell command facilitating next-stage PowerShell script retrieval for the eventual launching of the trojan, which not only obtained system details and an antivirus product list but also sought to bypass sandbox discovery, according to a Fortinet FortiGuard Labs study.
Novel SSH backdoor leveraged in Chinese cyberespionage attacks
