Wednesday, 21 October 2015

Shifu Banking Trojan

Most of the macro nasties of late have been trying to download the Dridex banking trojan, however
the last couple of days it appears these payloads have switched over to the Shifu Banking Trojan.

"The Trojan is designed to steal a wide range of banking related information such as usernames and passwords to financial accounts, credentials that users key into HTTP forms, private certificates, and even external authentication tokens used by some banks, researchers say...

...Shifu also is capable of stealing data from smartcards if it discovers a smartcard reader attached to the compromised endpoint. The malware can search for and steal from cryptocurrency wallets on infected systems and can detect if it has landed on a point-of-sale system, in which case it proceeds to steal payment card data as well."

An additional key point is that Shifu also wipes the local System Restore point on infected machines :(

No comments: