See the full article here
A new variant of the well-known Shiz remote access trojan (RAT) searches infected systems for the existence of SAP applications. Previous versions of the malware were designed simply to compromise Windows PCs with a remotely-accessible backdoor before stealing confidential data such as passwords and cryptographic certificates connected to online banking.
The new variant includes all of these standard remote access trojan capabilities as well as SAP-related features whose immediate purpose is unclear.
All it does right now is to check which systems have SAP applications installed. However, this might be the beginning for future attacks.
Alexander Polykov, ERPScan.