Recently a Bank Trojan named as ‘Tinba’ (Tiny Banker) is spotted by experts over the internet that employs a simple tactic to breach security. The Trojan itself is of very small size, which is only 20KB, but it has all the sophistication to do almost anything that can be done a much larger Trojan or Malware.
The main objective of this Trojan is to burrow itself into the browsers so that it can steal logins and credentials. But it can also use disguised web injection technique and man-in-the-browser to attempt to takeover two-factor web authentication systems. It can inject itself to Windows svhost.exe, explorer.exe processes and Internet Explorer and Firefox so as to access the traffic passing through them. It can command and control domains on an RC4-encrypted channel by issuing four or more commands.
The most remarkable feature of this malware is its small size of 20KB (including all injection routines), which proves that it is developed by a very skillful hacker. The infection levels of this Trojan are still unknown and we just hope that an Anti-virus company will release a fix for this malware.