IBM researchers have recently identified a Romania-focused configuration of the Tinba v3 Trojan virus, which exclusively targets 12 banks active on the local market, reports securityintelligence.com.

IBM cyber intelligence expert Limor Kessem recommends banks to ask clients to report suspicious emails and work closely with their antifraud provider to lower the possible risks.

The Tinba Trojan was first discovered in 2012. It initially acted like a classic banking Trojan, dedicated to grabbing user credentials and network traffic. Two years later, in 2014, a leak of its sources code gave immediate rise to two more Tinba variations, which were taken up by different gangs, spawning Tinba v2 and Tinba v3, Kessem says. A fourth variation of the virus appeared this year.

The configuration that targets banks in Romania is connected to the Tinba v3, which relies on four fraud capabilities: a persistent user-mode rootkit, the ability to steal any set of credentials with a generic form grabber, MitB capabilities, and dynamic webinjection mechanisms.

Tinba v3 attacks online banking customers across Europe, mainly targeting those in Poland, Italy, Germany, and the Netherlands. It’s the first time when IBM specialists identified Tinba variations attacking Romania.

New banking virus targets Romanian banks’ customers. 

Irina Popescu, irina.popescu@romania-insider.com