The Shifu banking trojan is being used by cybercriminals to target 14 Japanese banks, at least that is what the research reports claim.
The research which has been published online by Limor Kessem (Cybersecurity Evangelist at IBM) claims that the Shifu malware is using codes from the following known malware families:
The Shifu Banking Trojan uses the following techniques:
- Domain Generation Algorithm
- Theft from bank applications
- Antivirus evasion techniques
- Stealth techniques from the Gozi/ISFB trojan
- Removal of any System Restore point
The report also makes an indication that the malware might be from Russian origin as various ‘Russian’ strings were found in the Shifu banking trojan. The malware campaign which is currently targeting the 14 Japanese banks is trying to infect systems with the Shifu Banking Trojan by sending the victims an malicious email.
So please (always) be carefull when you click on a link which has been send to you via an email.