An astonishing 20KB in size, retains enough sophistication to match almost anything that can be done by much larger malware types.

Its main purpose is to burrow into browsers in order to steal logins, but it can also use 'obfuscated' (i.e disguised) web injection and man-in-the-browser to attempt to finesse two-factor web authentication systems.

A particularly interesting feature is the way it tries to evade resident security, injecting itself into the Windows svchost.exe and explorer.exe processes, as well as Internet Explorer and Firefox to give itself access to traffic passing through those.

The malware connects to one or more of four command & control domains on an RC4-encrypted channel.

None of this is particularly unusual as malware goes but the getting this sort of feature set out of 20kb (including all injection routines) is the work of a developer that believes size matters and the smaller the better.