See full article here
A new variant of the ‘Shiz’ Trojan, a well-known banking malware, has recently been discovered. The Trojan was originally designed to provide the attacker with remote access to the infected PC and steal confidential data such as passwords and cryptographic certificates connected to online banking. To execute remote commands and exfiltrate data, Shiz creates a backdoor and communicates with a specific domain. The new variant includes all of these capabilities, and in addition, it searches infected systems for the existence of SAP applications. All it does right now is to check which systems have SAP applications installed. However, this might be the beginning for future attacks.
According to Alexander Polykov from ERPScan, who shares the Shiz malware variant discovery with the antivirus company Doctor Web