Windows only malware ...
"The software nasty works by intercepting data typed into web pages in Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and perhaps other browsers, and sending any sensitive information - such as bank account passwords - to miscreants' central command servers."
"Once run, the service injects malicious code into various native Windows processes, then terminates itself, so no malware process is found in memory thereafter."