Russian Banks Targeted by Malware Attack - Dell SecureWorks

Dell SecureWorks has spotted an ongoing campaign, which is targeting patrons of many Russian financial institutions and providers of payment services. The cyber crooks behind this campaign are supposed to be operating a huge botnet spreading the Tinba 2.0 banking Trojan, and collecting financial informations from its victims.

Tinba is a popular threat in the IT security domain, and it is active since few years mainly focusing on European, Japanese and North American targets.

Two versions exist, but Tinba 1.0's source code was publically leaked in 2014 and several cybercrime gangs have stopped employing it since then. Soon after, Tinba 2.0 appeared and just like Tinba 1.0, it is supposed to be the innovation of an Easter European cybercriminal.

Tinba 2.0 is traded in the underground market as a botnet kit permitting anyone who buys it to install their own C&C server, configure diverse security and validation techniques to avoid detection easily, tweaking the MO (modus-operandi) of the Trojan to enable them to aim at specific targets.

As mentioned above, Dell SecureWorks detected the campaign which targets only Russian Banks and payment service providers.

Bankinfosecurity.com published news on 4th November, 2015, quoting a write-up on a new report about Tinba's shifting attack targets by Brett Stone-Gross, a Senior Security Researcher of Dell SecureWorks, as the finding highlights that 'cybercrime is surely global'".

Stone-Gross observes: "Tinba is not usual because we actually witness banking Trojans aiming western enterprises. This one is aiming Russian institutions. We may see that one reason for this change could be, partly, because of the hostility between Ukraine and Russia.

Stone-Gross observes: "Besides Russia, Tinba assaults are also now drifting to Asia. He adds that many of these regions have not been targeted as much as before. Hence, these regions might not have executed some of the security measures which many financial institutions in the Western countries apply. It may be effortless for cyber goons to embezzle money from these financial institutions accounts, and they could employ translators to help them to understand the lingo and the method in which banks operate in those parts of the globe.

» SPAMfighter News - 11/9/2015