See full article here
We've analyzed the malware and all it does right now is to check which systems have SAP applications installed. However, this might become the basis for future attacks.
Alexander Polyakov, chief technology officer at ERPScan.
When malware does this type of reconnaissance to see if particular software is installed, the attackers either plan to sell access to those infected computers to other cybercriminals interested in exploiting that software or they intend to exploit it themselves at a later time, the researcher said.
Polyakov presented the risks of such attacks and others against SAP systems at the RSA Europe security conference in Amsterdam on Thursday.
To his knowledge, this is the first piece of malware targeting SAP client software that wasn't created as a proof-of-concept by researchers, but by real cybercriminals.