Where Are They Today? Cybercrime Trojans That No One Misses: Shifu Malware

This is the first installment in an ongoing series about banking malware that faded away in 2017.
---
Cybercrime is a very dynamic threat landscape. With over 100 million malware strains tracked by AV-TEST in 2016, malware can be a dime a dozen. When it comes to the more organized cybercrime groups and sophisticated banking Trojan projects, malware families are more defined and easy to recognize. These threats advance at a trackable pace and their targets are regularly monitored by IBM X-Force.

Gang-owned malware helps its operators steal untold amounts of money. These codes do not typically go away without a publicly visible reason, such as a shutdown by law enforcement. However, there are some notable exceptions.

According to IBM X-Force data, a few major cybercrime groups did crawl out of the spotlight slowly and for no apparent external reason in 2017. Some names that come to mind are Shifu, Tinba, Neverquest, Qadars and GozNym. Where were these malware codes before, and where are they today?

Tracking the Shifu Trojan
Shifu is a sophisticated banking Trojan that was discovered by X-Force Research in August 2015. According to X-Force analysis of Shifu’s code, this malware borrowed some of its central mechanisms and configuration style from other well-known banking Trojans, such as Shiz, Gozi, Zeus and Dridex. This brought it to a highly functional level right from the moment of its release. At the time of discovery, Shifu’s targets were found to be mostly in Japan, but it didn’t take long for the malware to spread to banks in the U.K. and other parts of Europe.

With its unique blend of code and advanced data theft capabilities, it was evident to X-Force researchers that Shifu was created by malware veterans. This suspicion was reinforced by its configuration files, which targeted business and wealth management accounts, alluding to the operators’ ability to steal and cash out heftier sums than schemes targeting consumers. This is yet another characteristic of an organized and resource-backed group.

Read more about Shifu’s demise here.
