20KB trojan turns on bank customers in Singapore, Indonesia

Fifth Tinba iteration 'Tinbapore' found and flagged

The infamous Tinba trojan has been updated and is now targeting people using online banking in the Asia Pacific region.

Malware bods from security company F5 refer to the fifth iteration of the Windows software nasty as Tinbapore since it began moving 70 percent of its infection base to the region.

About 30 percent of infections are located Singapore and 20 percent in Indonesia. Only five percent are in Australia.

"Newer and improved versions of the malware employ a domain generation algorithm, which makes the malware much more persistent and gives it the ability to come back to life even after a command and control server is taken down," the researchers say (PDF).

"This new variant of Tinba, Tinbapore, now creates its own instance of explorer.exe that runs in the background.

"It differs from most previous versions in that it actively targets financial entities in the Asian Pacific which was previously uncharted territory for Tinba."

Tinba, also known as Tinybanker, Zusy, and HµNT€R$, was a bite size 20KB online-bank-account-raiding trojan first seen in May 2012.

Source code leaked in July 2011 when net scum grabbed and customised their own sophisticated builds to target banks around the world. ®

Similar topics

Other stories you might like

Biting the hand that feeds IT © 1998–2021