{
	"id": "b18231f1-2bb1-4db0-a230-8ec9c3e62dc9",
	"created_at": "2026-04-06T00:18:25.076682Z",
	"updated_at": "2026-04-10T03:35:59.515841Z",
	"deleted_at": null,
	"sha1_hash": "18de7a1c53a05320d953cc004903f17c33d1e857",
	"title": "Small banking Trojan poses major risk",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35619,
	"plain_text": "Small banking Trojan poses major risk\r\nBy John Leyden\r\nPublished: 2012-06-04 · Archived: 2026-04-05 13:45:13 UTC\r\nSecurity researchers have discovered a tiny, but highly capable banking Trojan.\r\nTinba (Tiny Banker, or otherwise known as Zusy) hooks itself into browsers before stealing banking login\r\ninformation and snaffling network traffic.\r\nThe malware used injected code and Man in The Browser (MiTB) tricks to change the way banking websites are\r\npresented to victims on compromised machines.\r\nThe technique is designed to thwart added security protections, most specifically two-factor authentication\r\ntechnologies, that have come into deployment by some banks. ZeuS, the well-established banking Trojan, uses\r\nmuch the same trickery to achieve the same nefarious ends.\r\nWeighing in at just 20KB, Tinba represents a new family of banking Trojan. Antivirus detection of the analyzed\r\nsamples is low, according to researchers at CSIS Security, a Danish firm.\r\nTinba uses a RC4 encryption scheme when communication with its Command \u0026 Control (C\u0026C) servers, located\r\nat four hardcoded domains. \"Tinba proves that malware with data stealing capabilities does not have to be 20MB\r\nof size,\" Peter Kruse, a researcher with CSIS, told El Reg.\r\nHis comments reference the avalanche of publicity that has accompanied the discovery of the Flame cyber-espionage toolkit, a portly 20MB chiefly notable for affecting systems in Iran and the ability to turn its worm like\r\npropagation routines on and off for added stealth.\r\nCSIS has a detailed write-up of Tinba here. ®\r\nSource: http://www.theregister.co.uk/2012/06/04/small_banking_trojan/\r\nhttp://www.theregister.co.uk/2012/06/04/small_banking_trojan/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"http://www.theregister.co.uk/2012/06/04/small_banking_trojan/"
	],
	"report_names": [
		"small_banking_trojan"
	],
	"threat_actors": [
		{
			"id": "bc289ba8-bc61-474c-8462-a3f7179d97bb",
			"created_at": "2022-10-25T16:07:24.450609Z",
			"updated_at": "2026-04-10T02:00:04.996582Z",
			"deleted_at": null,
			"main_name": "Avalanche",
			"aliases": [],
			"source_name": "ETDA:Avalanche",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434705,
	"ts_updated_at": 1775792159,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/18de7a1c53a05320d953cc004903f17c33d1e857.pdf",
		"text": "https://archive.orkl.eu/18de7a1c53a05320d953cc004903f17c33d1e857.txt",
		"img": "https://archive.orkl.eu/18de7a1c53a05320d953cc004903f17c33d1e857.jpg"
	}
}