Detected by F5, the Tinbapore attack put millions of US dollars at risk. An F5 investigation revealed that Tinbapore is a variant of the Tinba malware, which targeted financial institutions in Europe, the Middle East, Africa and the Americas. The original Tinba malware was written in assembly language and was noted for its small size (around 20 KB including all Web injects and configuration).
Newer versions of the malware employ a domain generation algorithm (DGA), which makes the malware more persistent and lets it come back to life even after a command-and-control (C&C) server is taken down. The Tinbapore variant also creates its own instance of explorer.exe that runs in the background. It differs from previous versions in that it actively targets financial entities in Asia, which was previously uncharted territory for Tinba.
Read the Analysis Report – Tinbapore: Millions of Dollars at Risk to learn more.