Here's how the world's smallest banking trojan works

Security

by Jimmy Nicholls| 14 July 2014

Source code for malware leaked onto underground forum.

Source code of the world's smallest banking trojan Tinba has been posted on an underground forum, according to Danish security group CSIS.

The code is from the first version of the malware taken over by criminals in 2012 and, though functional, is said not to be used in current attacks.

Peter Kruse, partner at CSIS, said: "The Tinba leaked source code comes with a complete documentation and full source code. It is nicely structured and our initial analysis proves that the code works smoothly and compiles just fine."

Tinba, also known as Tiny Banker, is said to be just 20KB in size, though the source code comes in at around 2MB.

It works by connecting to browsers to steal login details and monitor network traffic, mimicking webpages to trick banking customers into revealing their information by bypassing two factor authentication.

"We don't expect the source code of Tinba to become a major inspiration for IT-criminals as it was the case for [the trojan] ZeuS," Kruse added.

"However, making the code public increases the risk of new banker trojans to arise based partially on Tinba source code."

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

756 people like this.
0 people follow this.

Security Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.