Tinba Malware Targeting Financial Institutions in Russia and More

Dell SecureWorks published a new report about their finding in relation with Tinba 2.0. Tinba is now targeting a large number of users in Russian banks and online payment systems, the malware is also targeting several other countries including Japan and Ukraine.
The malware is circulating using spam emails and exploit kits that are created by cyber criminals and sold in the black market. Some of the kits are as Nuclear, Neutrino and Angler. The banking Trojan will target financial entities, standard email service or social networks. Top 10 affected countries are:

    1. Russia (34.5%)
    2. Poland (22.0%)
    3. Indonesia (7.2%)
    4. Spain (6.5%)
    5. Canada (5.6%)
    6. Romania (5.0%)
    7. Germany (2.6%)
    8. Australia (1.8%)
    9. United Kingdom (1.8%)
    10.  Japan (1.7%)

Tinba 2.0 Map by Dell SecureWorks

Currently this is an updated version of Tinba and the second version added RSA signature verification to identify and sign the communication with the C&C servers. Also attacker included the domain generation algorithm (DGA) to allow generating domain name randomly and make it difficult for security professionals to shut down the botnet.

Protection against this malware is by keeping all your application and anti-malware definition updated, make sure to avoid clicking on suspicious links or opening suspicious emails, provide all your users the proper security awareness training so they will have updated information about cyber threats and how to avoid them.