The Tinba (Tiny Banker) Trojan has been updated, armored and
is attacking European banks. When initially discovered in 2012, the Tinba Trojan
weighed in at 20KB and was known as the world's smallest banking Trojan. Its small
size made the Trojan fast and hard to detect. The newest version comes into the
battle at 10 times the size, or 200KB. The size increase is caused by the
powerful additional capabilities added to this banking Trojan. These
capabilities include social engineering techniques, sandbox evasion, CnC
authentication and encrypted communications, just to name a few.

One of the more fascinating features of this Trojan is the
infrastructure built for it. First, communications between the CnC server and
the Trojan itself are encrypted. This makes it difficult for law enforcement or
security researchers to spoof communications. Additionally, if the built-in CnC
servers are unavailable, the Trojan can use an algorithm to generate thousands
of backup domains as possible hosts to connect to. If the criminal gang
behind the infrastructure were to lose access to the CnC servers, they would
just need to bring up servers with domain names that meet the criteria of
the algorithm. Last but certainly not least, the same infrastructure used to
host this Trojan is also hosting other malware. This infrastructure is
resilient, powerful and simply amazing!

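
For defenders, the fallback to generated domains leaves a trace in DNS logs: one client failing to resolve many random-looking names in a short time. The sketch below is an added example, not code from the Trojan or from any vendor, and it does not reproduce Tinba's algorithm; the log format, thresholds and `.example` names are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed tuning values for this example; adjust to your own DNS traffic.
WINDOW = timedelta(minutes=5)  # look-back window per client
MIN_FAILED = 5                 # distinct failed random-looking names to flag
MIN_ENTROPY = 3.0              # bits/char cut-off for "random-looking"

def entropy(label):
    """Shannon entropy (bits per character) of a DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def parse(line):
    """Parse 'timestamp client qname rcode' (constructed log format)."""
    ts, client, qname, rcode = line.split()
    return datetime.fromisoformat(ts), client, qname.lower().rstrip("."), rcode

def dga_suspects(lines):
    """Map each client to the names it failed to resolve, for clients that get
    NXDOMAIN for >= MIN_FAILED distinct high-entropy names inside WINDOW."""
    recent = defaultdict(list)   # client -> [(time, qname)] still in window
    suspects = defaultdict(set)
    for ts, client, qname, rcode in sorted(map(parse, lines)):
        if rcode != "NXDOMAIN" or entropy(qname.split(".")[0]) < MIN_ENTROPY:
            continue             # resolved, or looks like a human typo
        recent[client] = [(t, q) for t, q in recent[client] if ts - t <= WINDOW]
        recent[client].append((ts, qname))
        names = {q for _, q in recent[client]}
        if len(names) >= MIN_FAILED:
            suspects[client] |= names
    return {c: sorted(n) for c, n in suspects.items()}

# Constructed sample: 10.0.0.7 walks a list of generated names until one
# resolves; 10.0.0.9 is a user who mistyped one name.
SAMPLE = [
    "2015-06-01T10:00:00 10.0.0.7 kqzvxwpbtmfd.example NXDOMAIN",
    "2015-06-01T10:00:02 10.0.0.7 hgrsywcnjlae.example NXDOMAIN",
    "2015-06-01T10:00:04 10.0.0.7 uobdxkzefqmv.example NXDOMAIN",
    "2015-06-01T10:00:06 10.0.0.7 tpwylcgnrhsj.example NXDOMAIN",
    "2015-06-01T10:00:08 10.0.0.7 mvaqzoixbdke.example NXDOMAIN",
    "2015-06-01T10:00:10 10.0.0.7 fjcuhrwtnyls.example NOERROR",
    "2015-06-01T10:01:00 10.0.0.9 exampel.example NXDOMAIN",
    "2015-06-01T10:01:05 10.0.0.9 www.example NOERROR",
]

if __name__ == "__main__":
    for client, names in dga_suspects(SAMPLE).items():
        print(client, len(names), "failed random-looking lookups")
```

The name that finally resolves after such a burst is the one worth investigating first, since it is the candidate backup CnC host.
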
If you happen to become infected with this beast, it will
spring into action once you log into a targeted site. It starts by launching
webinjects customized for the bank that request login credentials, personal
information or permission to transfer funds. It may also warn you that extra
money has been accidentally transferred into your account and that it must be
refunded immediately.

This Trojan is very powerful and is highly customizable to
fit the location and language of the target. The latest version has been
customized to target European banks and their customers. Due to the fast pace
of change concerning this threat, any opportunity must be taken to lower the
risk of a successful attack.

What you need to know and do.
This Trojan has been seen delivered by the Rig Exploit Kit.
Keep your OS and applications updated.
Pay attention to unusual requests and changes when you do your online banking. When in any doubt, contact your financial institution.