According to Trustwave, the malware is manually installed by attackers after they have compromised a web server. Known as ISN, the malware is used by attackers to target sensitive information in POST requests.