Tinba Trojan Targets U.S. Bank Customers With Browser Exploit

Avast, makers of the self-titled free antivirus software (along with paid Internet security suites), has discovered that the "Tinba Banker" Trojan is back in circulation, and this time it's targeting more than two dozen financial institutions in the United States. There are some big names among them, including Bank of America, HSBC, TD Bank, Chase, Wells Fargo, PNC, and more.

This nasty piece of malware sneaks its way onto customer PCs through the Rig Exploit kit, which takes advantage of Flash or Silverlight exploits. Unfortunately for the victim, he or she can fall prey to the Trojan simply by visiting a banking site that's been infected with the Rig Exploit kit.

Wells Fargo Form Malware
Don't just walk, but run away from forms like this.

"If the user's system is vulnerable, the exploit executes a malicious code that downloads and executes the malware payload, Tinba Trojan," Avast explains in a blog post. "When the computer is infected and the user tries to log in to one of the targeted banks, webinjects come into effect and the victim is asked to fill out a form with his/her personal data."

It's not unusual for a website to verify a user's identity, so it's easy to see how this particular piece of malware could be effective. Once a victim fills out the fake form, all the personal information -- credit card number, Social Security number, etc. -- gets sent to the attacker.

Be sure to keep your software up to date, and be on the lookout for online forms asking for your personal information.

Via:  Avast
Show comments blog comments powered by Disqus