Researchers at Denmark's CSIS Security Group have uncovered a new banking Trojan called Tinba. At 20 KB in size, CSIS chief technology officer Peter Kruse says Tinba is the smallest banking Trojan the company has ever encountered.
"It's not just its small stature that makes this Trojan a worthy contender on the crime front: Tinba's tiny payload packs a punch, Kruse said," writes SecurityNewsDaily's Matt Liebowitz. "Not only does it steal login data from infected computers, but it also injects itself into other processes on the system, including explorer.exe, firefox.exe and svchost.exe, with the goal of recruiting the machine into a botnet. Tinba also employs four hard-coded domains to communicate with remote servers; if one fails, the next one takes ever, ensuring a successful connection with the command-and-control server."
"Similar to other banking Trojans, Tinba also utilizes webinjects and Man-in-the-Brower attacks in order to trick the potential victim into handing over transaction authentication numbers (TAN), two factor authentication codes, and other valuable details," writes Softpedia's Eduard Kovacs. "When executed, it uses an obfuscated injection routine that allows it to avoid being detected by security solutions."
"Tinba is the latest in a long and distinguished line of banker Trojans that are designed specifically to relieve victims of their money through background monitoring of online banking sessions or modification of Web pages," writes Threatpost's Dennis Fisher. "Its small size suggests that the attackers behind the malware didn't want to waste any time or bits on extraneous features. They were interested solely in accomplishing the goal at hand: robbing and stealing."