The Tinba trojan, commonly referred to as “Tiny Banker” or “Zusy,” is a modified banking trojan specifically designed to target financial institutions. Tinba typically operates by infecting the victim’s system and web browser and obtaining sensitive data in one of two ways: by viewing packets passed between the browser and the server, or by creating a fake popup requesting login information for the bank after the user has accessed the legitimate website. It then sends that data back to one of its C2 servers.
Named as one of the top 10 "Most Wanted" Malware in May 2016 by Check Point, Tinba was first discovered in 2012 and, at that time, had the smallest file size (20 KB) of any known banking trojan in circulation. In 2014, its source code was released, prompting hackers to create their own variants of Tinba with additional functionality such as advanced encryption methods, public key signing, and rootkit capabilities.
In May 2015, a variant was identified in a campaign attempting to trick victims into transferring money to the cybercriminals. This new variant is currently targeting bank customers in Poland, Italy, the Netherlands, and Germany. In late 2015, improved versions of the trojan began targeting Asian Pacific financial institutions.
- December 2015: Tinba targets Asian Pacific financial institutions. (IBM)
- May 2015: Tinba variant attempts to trick victims into transferring funds. (Softpedia)
- IBM Security Intelligence provides technical details on the Tinba banking trojan.