Tinbapore Malware Targets APAC Banks, Customers

19 January 2016
Justin Warren

Asia-Pacific region, particularly those in Singapore (Tinba-pore, get it?) and Indonesia, as well as going after banks in other parts of the world.

F5 detected the new variant thanks to the behavioral monitoring capabilities of its products, which is able to pick up on differences between legitimate transactions and potentially fraudulent ones being issues by the malware. F5’s products then add to the bank’s other mechanisms for detecting fraud (such as noticing that you just used an ATM in New York, so why is your credit card being used in a shop in Paris five minutes later?) which can stop, or at least limit, the amount of fraud.

Also known as Tinybanker, Zusy, or HμNT€R$, the malware source code was leaked in 2014. It was noted for being very small, about 20KB, and for being written in assembly language, rather than a higher level language like C.

The Tinbapore malware infects computers using standard phishing attacks: fake emails dressed up to look like a legitimate email entice users to click on an attachment, which installs the malware on their PC. This malware specifically targets Windows PCs, embedding itself into four libraries, and running its own browser in the background, from which is launches its attack.

When users access their bank, the malware starts to do its nefarious work, funneling money to accounts controlled by the criminals responsible for the malware.

Benn Alp, a Solution Architect from F5, told me that malware like this is becoming increasingly sophisticated. The infection emails are sometimes targeted at businesses or high net-worth individuals, who are likely to have bigger bank balances to steal. “Because the potential payback, the level of sophistication once they’ve infected a system is very, very high,” Alp says.

Scary stuff.

Prevention is the best medicine, due to the difficulty of detecting and removing this increasingly sophisticated malware. Alp says that the same techniques you already use will help prevent infection with this, or similar, malware:

  • Keep your devices up-to-date with the latest patches.
  • Take extra care when opening attachments to emails.
  • Run anti-virus software.

The price of security is eternal vigilance.

This article first appeared in here.