SecurityWeek

Source Code for Tinba Banking Trojan Surfaces

The source code for a version of the Tinba malware was published last week on a private underground forum, Denmark-based CSIS Security Group reported on Thursday.

According to the security firm, the source code is roughly 2 Mb in size and is distributed along with complete documentation for the Trojan. It is properly structured and compiles without errors, they said. However, the source code is for version 1 of Tinba, which was circulated around 2011 and 2012, and has not been used in recent attacks.

“We don’t expect the source code of Tinba to become a major inspiration for IT-criminals as it was the case for ZeuS. However, making the code public increases the risk of new banker Trojans to arise based partially on Tinba source code,” Peter Kruse, the CTO of CSIS and the head of the company’s eCrime Unit, wrote in a blog post.

Tinba, which is also known as Tinybanker and Zusy, caught the attention of security companies in mid-2012 mainly due to its small size (approximately 20Kb, including Web injects and configuration). Similar to other banking Trojans, Tinba uses Man-in-the-Browser (MitB) tactics and injects code into webpages in an effort to trick users into handing over sensitive information.

In 2012, CSIS and Trend Micro published a research paper detailing a campaign aimed at users in Turkey. The attack, which targeted Turkish financial institutions, resulted in over 60,000 unique infections.

CSIS believes that at one point in 2012, the source code for version 1 of Tinba was sold or made public. New malware developers took over the project and made several improvements to the Trojan.

Tinba is not the only piece of malware whose source code has been made available. Threats such as Zeus, Carberp, BlackPOS, and Pony have all been improved after their source code was published. In some cases, the criminals combine code from two Trojans to create a new one; a perfect example is the recently identified Zberp, which is a combination of Carberp and Zeus.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
