Say hello to Tinba: world’s smallest trojan-banker
(Publication) Google search: [1]
| Say hello to Tinba: world’s smallest trojan-banker | |
|---|---|
| |
| Botnet | |
| Malware | Tinba |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-05-31 11:57:42 |
| Editor/Conference | CSIS |
| Link | http://www.csis.dk/en/csis/news/3566/ (Archive copy) |
| Author | Peter Kruse |
| Type | |
Abstract
“ CSIS Security Group A/S has uncovered a new trojan-banker family which we have named Tinba (Tiny Banker) alias “Zusy”.
Tinba is a small data stealing trojan-banker. It hooks into browsers and steals login data and sniffs on network traffic. As several sophisticated banker-trojan it also uses Man in The Browser (MiTB) tricks and webinjects in order to change the look and feel of certain webpages with the purpose of circumventing Two factor Authentification (2FA) or tricking the infected user to give away additional sensitive data such as credit card data or TANs.
Tinba is the smallest trojan-banker we have ever encountered and it belongs to a complete new family of malware which we expect to be battling in upcoming months.
The code is approx 20KB in size (including config and webinjects) and comes simple and clear without any packing or advanced encryption. Antivirus detection of the analyzed samples is low.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1019,
editor = {CSIS},
author = {Peter Kruse},
title = {Say hello to Tinba: world’s smallest trojan-banker},
date = {31},
month = May,
year = {2012},
howpublished = {\url{http://www.csis.dk/en/csis/news/3566/}},
}