Trend Micro and CSIS have released a joint white paper about the Tinba information-stealing malware. The paper contains a thorough technical analysis of the malware itself, as well as the architecture of its infrastructure, and its ties to other illegal activities.
What is Tinba?
Tinba got its name from its extraordinarily small size: its code is approximately 20 kilobytes, remarkably small for banking malware. The name is a combination of the words "tiny" and "banker"; the same malware is also known as Tinybanker and Zusy.
Tinba is delivered onto user systems via the Blackhole exploit kit, and is aimed primarily at users in Turkey. We estimate that there are more than 60,000 users affected by Tinba in Turkey.
The capabilities of this malware are broadly similar to those of other info-stealing malware families of comparable sophistication. Using web injects, it steals login information from websites, particularly those located in Turkey. Some targets, such as Facebook, GMX, Google, and Microsoft, are hardcoded into Tinba itself and are targeted universally. Other institutions are targeted based on downloaded configuration files; frequent targets include key government portals and Turkish banks and financial institutions.