Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 15:52:37 UTC

Tool: Backswap

Names: Backswap
Category: Malware
Type: Banking trojan, Credential stealer
Description: (CERT.PL) Backswap is a banker, which we first observed around March 2018. It’s a variant of old, well-known malware Tinba (which stands for “tiny banker”). As the name suggests, its main characteristic is small size (very often in the 10-50kB range). Backswap carries out multiple harmful activities. Big ones are: injecting Webinjects and stealing credentials. Supported browsers involve Internet Explorer, Mozilla Firefox, Google Chrome. Some variants also swap the contents of the clipboard when a bank/cryptocurrency account number is found.
Information: Malpedia, AlienVault OTX

Last change to this tool card: 24 May 2020

All groups using tool Backswap

Changed  Name  Country  Observed
Unknown groups
  _[ Interesting malware not linked to an actor yet ]_

1 group listed (0 APT, 0 other, 1 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=918148af-92e2-42dc-b5bd-eb700a11ec39