Tiny but deadly banking Trojan discovered
Posted on 31.05.2012
The discovery of a new banking Trojan by the researchers working for CSIS Security Group has proved that a piece of malware doesn't have to be big and complex to get the job done.

Dubbed "Tinba" (Tiny Banker) and “Zusy”, the Trojan operates by hooking into browsers in order to steal login data.

It is also able to sniff network traffic, as well as perform some Man-in-The-Browser tricks in order to inject legitimate banking sites with additional forms, which ask victims to share more confidential data (credit card numbers, TANs, authentication tokens, etc).

"Tinba is the smallest trojan-banker we have ever encountered and it belongs to a complete new family of malware which we expect to be battling in upcoming months," researcher Peter Kruse points out.

"The code is approximately 20KB in size (including config and webinjects) and comes simple and clear without any packing or advanced encryption. Antivirus detection of the analyzed samples is low."

Tinba receives its instructions and updates from four C&C servers, whose domains are hardcoded into the malware. If the first one is non-responsive, it moves to the second one, and so on. The communication between the Trojan and the servers is encrypted with the RC4 algorithm

"The web inject templates are identical to the ones used by ZeuS but also have capability to use special values," the researcher shared. "An interesting observation is the fact that Tinba will modify headers X-FRAME-Options thus being able to inject insecure non HTTPS supported elements from external servers/websites."

The only good news in all of this is that although Tinba targets financial websites, its list is very small.






Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  A new Windows zero-day vulnerability is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //