Shifu Officially Spreads to the UK: Banks and Wealth Management Firms Beware
Less than a month after Security Intelligence announced the discovery of the brand-new and highly advanced banking Trojan Shifu, our predictions materialized and the malware has spread from Japan and begun actively attacking U.K. banks and wealth management firms.
Shifu, which is suspected to have been created by Russian-speaking malware authors, only targeted 14 Japanese banks at the time of its discovery and also focused on a select set of electronic banking platforms used across Europe. However, due to the threat’s level of sophistication, IBM Security X-Force researchers predicted it would spread into new territories in the near future. As of Sept. 22, that prediction is a reality, with the U.K. receiving its very own Shifu configuration with 18 new targets.
Shifu Moves to the UK
X-Force researchers confirmed that Shifu is actively attacking online banking customers in order to perform fraudulent transactions.
The Shifu Trojan may be new crimeware, but its inner workings are not entirely unfamiliar. The malware relies on a few tried-and-true Trojan mechanisms from other infamous crimeware codes. It appears that Shifu’s internal makeup is being composed by savvy developers who are intimately familiar with other types of banking malware.
Beyond dressing Shifu with select features from the more nefarious codes known to information security professionals, these developers are already working on internal changes to Shifu. These are designed to ensure the Trojan’s security evasion mechanisms continue to perform.
For example, in its new, U.K.-dedicated samples, Shifu no longer injects into the explorer.exe process. Rather, it has modified its action path to launch a new svchost instance and performs all actions from that process instead.
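A defender-side check for the behaviour described above, as an added example that is not part of the original article: it flags svchost.exe launches whose parent is not services.exe or whose image sits outside the Windows system directories. The event field names and sample events are constructed, and the services.exe parent rule is a general baseline heuristic, not a Shifu-specific signature.

```python
import ntpath

# Baseline assumption: legitimate svchost.exe instances are started by
# services.exe and run from the Windows system directories.
EXPECTED_PARENT = "services.exe"
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed process-creation events (hypothetical field names, modelled on
# typical EDR / process-creation telemetry); not taken from a real sample.
SAMPLE_EVENTS = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"pid": 4120, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
    {"pid": 5230, "image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"pid": 6001, "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Windows\System32\userinit.exe"},
]


def svchost_findings(event):
    """Return the reasons an event looks like an anomalous svchost launch."""
    image = event["image"].lower()
    if ntpath.basename(image) != "svchost.exe":
        return []  # not an svchost launch, nothing to evaluate
    reasons = []
    if ntpath.dirname(image) not in EXPECTED_DIRS:
        reasons.append("svchost.exe outside Windows system directories")
    parent = ntpath.basename(event["parent_image"].lower())
    if parent != EXPECTED_PARENT:
        reasons.append(f"unexpected parent: {parent}")
    return reasons


def scan(events):
    """Map pid -> list of reasons for every flagged svchost launch."""
    return {e["pid"]: r for e in events if (r := svchost_findings(e))}


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_EVENTS).items():
        print(pid, "; ".join(reasons))
```
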