Source Code for Tinba Banking Trojan Surfaces

The source code for a version of the Tinba malware was published last week on a private underground forum, Denmark-based CSIS Security Group reported on Thursday.

According to the security firm, the source code is roughly 2 Mb in size and is distributed along with complete documentation for the Trojan. It’s properly structured and it compiles without errors, they said. However, the source code is for version 1 of Tinba, which was circulated around 2011 and 2012, and has not been used in recent attacks.

“We don’t expect the source code of Tinba to become a major inspiration for IT-criminals as it was the case for ZeuS. However, making the code public increases the risk of new banker Trojans to arise based partially on Tinba source code,” Peter Kruse, the CTO of CSIS and the head of the company’s eCrime Unit, wrote in a blog post.

Tinba, which is also known as Tinybanker and Zusy, caught the attention of security companies in mid-2012 mainly due to its small size (approximately 20Kb, including Web injects and configuration). Similar to other banking Trojans, Tinba uses Man-in-the-Browser (MitB) tactics and injects code into webpages in an effort to trick users into handing over sensitive information.

In 2012, CSIS and Trend Micro published a research paper detailing a campaign aimed at users in Turkey. The attack, which targeted Turkish financial institutions, resulted in over 60,000 unique infections.

CSIS believes that at one point in 2012, the source code for version 1 of Tinba was sold or made public. New malware developers took over the project and made several improvements to the Trojan.

Tinba is not the only piece of malware whose source code has been made available. Threats such as Zeus, Carberp, BlackPOS, and Pony have all been improved after their source code was published. In some cases, the criminals combine code from two Trojans to create a new one; a perfect example is the recently identified Zberp, which is a combination of Carberp and Zeus.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
