
Researchers have discovered that a banking trojan known as ‘Tinba’ or ‘Tiny Banker’ has been targeting unsuspecting customers of at least 26 different financial institutions worldwide.

According to security firm Avast, the malware has resurfaced and expanded its targets after its original discovery nearly two years ago when it infected tens of thousands of computers in Turkey.

This summer, the malware was seen tricking Czech bank customers into providing their financial information, but researchers say it has since gone global.

The list of newly targeted financial institutions includes many major US-based banks, such as Bank of America, US Bank, Wells Fargo and Chase.

Avast security researchers David Fiser and Jaromir Horejsi explain in a blog post how the Tiny Banker malware obtains personal and financial data from customers attempting to access their bank accounts online:

1. The user visits a website infected with the Rig Exploit kit (Flash or Silverlight exploit).

2. If the user’s system is vulnerable, the exploit executes malicious code that downloads and executes the malware payload, the Tinba Trojan.

3. When the computer is infected and the user tries to log in to one of the targeted banks, webinjects come into effect and the victim is asked to fill out a form with his/her personal data.

4. If he/she confirms the form, the data is sent to the attackers.

An injected form targeting US Bank customers.

Through this process, cybercriminals are able to gather a victim’s credit card information, home address, date of birth, social security number, driver license number and even their mother’s maiden name, a common security question used to reset a “forgotten” password.

Despite its 20k code base, researchers state the trojan’s capabilities are powerful. The malware has been seen distributed by the Rig exploit kit, with revisions likely due to its leaked source code back in July.
