The banking trojan Neverquest is continuing to evolve as it targets the Japanese, German and American banking sectors, according to security firm Symantec.
The malware allows hackers to steal bank login details from users by modifying the pages on financial sites, and spreads itself through social networks.
Symantec said: "The configuration file for Japan lists only eight major Japanese financial institutions as targets, compared to ten listed in the German configuration file and more than 50 in the US file."
The firm admitted that eight Japanese financial services targeted "may not sound like too many", but they expect the numbers to increase.
Since December almost two-fifths Neverquest appearances were in the US, with Japan accounting for 18% of occurrences.
It is part of the Snifula family of malware which enables hackers to log keystrokes, capture video and remotely control computers.
"These days we rely on many online services for things such as finance, email, shopping, connecting with friends, and sharing data with others in both our business and personal lives," Symantec said.
"Unfortunately, these services are prime targets for the bad guys."