Friday, June 19, 2015

Tinba has been Updated, Armored and Attacking European Banks.


The Tinba (Tiny Banker) Trojan has been updated, armored and is attacking European banks. When initially discovered in 2012 the Tinba Trojan weighed in 20KB and was known as the worlds smallest banking Trojan. Its small size made the Trojan fast and hard to detect. The newest version comes into the battle at 10 times the size or 200KB. The size increase is caused by the additional powerful capabilities added to this Banking Trojan. These capabilities include social engineering techniques, sandbox evasion, CnC authentication and encrypted communications just to name a few.
One of the more fascinating features of this Trojan is the infrastructure built for it. First, the use of encryption is done between the CnC server and Trojan itself. This makes it difficult for law enforcement or security researchers to spoof communications. Additionally, if the built in CnC servers are unavailable the Trojan can use its an algorithm to generate 1000s of possible backup domains as possible host to connect to. If the criminal gang behind the infrastructure were to lose access to the CnC servers they would just need to bring up servers with domain names that would meet the criteria of the algorithm. Last but certainly not least the same infrastructure used to host this Trojan is also hosting other malware. This infrastructure is resilient, powerful and simply amazing!     
If you happen to become infected with this beast it will spring into action once you log into targeted site. It starts by launching webinjects customized for the bank requesting login credentials, personal information or permission to transfer funds. It may also warn you that extra money has been accidentally transferred into your account and it must be refunded immediately.
This Trojan is very powerful and is highly customizable to fit the location and language of the target. The latest version has been customized to target European banks and their customers. Due to the fast pace of change concerning this threat any opportunity must be taken to lower the risk of a successful attack.
What you need to know and do.                
This Trojan has been seen delivered by the Rig Exploit Kit.
Keep your OS and applications updated.
Pay attention to unusual request and changes when you do your online banking, when in any doubt contact your financial institution.    
References: