Where Are They Today? Cybercrime Trojans That No One Misses: Shifu Malware

From Botnets.fr
Revision as of 08:09, 9 August 2017 by Eric.freyssinet (talk | contribs)

Where Are They Today? Cybercrime Trojans That No One Misses: Shifu Malware
Botnet Shifu
Target Japan, United Kingdom
Date 2017 /
Editor/Conference Security Intelligence
Link http://securityintelligence.com/where-are-they-today-cybercrime-trojans-that-no-one-misses-shifu-malware/ (Archive copy)
Author Limor Kessem
Type Blogpost

Abstract

Shifu is a sophisticated banking Trojan that was discovered by X-Force Research in August 2015. According to X-Force analysis of Shifu’s code, this malware borrowed some of its central mechanisms and configuration style from other well-known banking Trojans, such as Shiz, Gozi, Zeus and Dridex. This brought it to a highly functional level right from the moment of its release. At the time of discovery, Shifu’s targets were found to be mostly in Japan, but it didn’t take long for the malware to spread to banks in the U.K. and other parts of Europe.

With unique code mesh and advanced data theft capabilities, it was evident to X-Force researchers that Shifu was created by malware veterans. This suspicion was reinforced by its configuration files that targeted business and wealth management accounts, alluding to the operators’ ability to steal and cash out heftier sums than schemes targeting consumers. This is yet another characteristic of an organized and resource-backed group.

Bibtex

 @misc{2017BFR5331,
   editor = {Security Intelligence},
   author = {Limor Kessem},
   title = {Where Are They Today? Cybercrime Trojans That No One Misses: Shifu Malware},
   date = {28},
   month = Mar,
   year = {2017},
   howpublished = {\url{http://securityintelligence.com/where-are-they-today-cybercrime-trojans-that-no-one-misses-shifu-malware/}},
 }