This group's activity was first observed in November 2013. It leverages a banking Trojan more commonly known as Shylock which aims to compromise online banking credentials and credentials related to Bitcoin wallets.
Actor metadata imported from Malpedia (Fraunhofer FKIE).