The banking trojan Shifu, first seen a month ago in Japan, has now been detected attacking 18 financial firms in the U.K., according to IBM site Security Intelligence.

The malware captures passwords and user details from online forms and can enable miscreants to take over accounts and siphon money. The new crimeware being seen in the U.K. campaign has evolved from that used in Japan, with code inserted to circumvent security mechanisms.

First detected in the U.K. in mid-September, Shifu was soon after observed infecting hundreds of endpoints per day.

IBM X-Force researchers suspect that financial customers are being tricked into clicking email spam links that bring them to poisoned websites hosting the Angler exploit kit. The malady is predicted to only grow in intensity and spread to other parts of Europe as well as the U.S., the researchers said.