This sneaky malware is after your money; Tiny Banker Trojan (aka Tinba Virus): What It Is and How to Remove It
If you bank with Chase, HSBC, Wells Fargo, Bank of America, or another large, well-known financial institution, you might have unwittingly been attacked by the Tiny Banker Trojan virus. Also known as Tinba, the Tinba virus, and Zusy, this malspam virus is sneaky, persistent, and after your money. Here’s what you need to know about this malware and how to get rid of it.
Trojan virus infections are much more prevalent on Windows PCs, but they’ve been known to occur on Macs and mobile devices, as well.
What Is the Tiny Banker Trojan or Tinba Virus?
Tiny Banker is a variant of the Zeus virus, a nasty piece of malware designed to steal confidential information from your computer. More specifically, it’s looking for your banking information and details such as account numbers, usernames, passwords, credit card numbers, PIN codes, and anything else that can be used to hack into a bank account. It was first recognized in 2012 after an outbreak hit about 60,000 computers in Turkey.
Tinba is still around and active. In March 2020, it made the Center for Internet Security’s Top 10 Malware list.
How the Tiny Banker Trojan Works
Tinba is a tiny piece of malware that’s very difficult to detect. At just 20KB, it’s smaller than any other known Trojan. It uses a method called packet sniffing to read network traffic, so it knows when you navigate to a financial website.
When it detects that you’re on a banking website of some kind, Tinba might begin logging your keystrokes to capture everything you type. In other cases, it will replicate the website’s logo and formatting to instantly pop up a page instructing users that system updates (or some other issue) require the entry of a Social Security number or another piece of sensitive information. In an attempt to seem legitimate, it might even ask you to confirm security questions, specifically asking for your “mother’s maiden name.”
This Trojan can also convert your computer into a zombie machine, which means it becomes an unwilling member of a botnet.
How Do I Know if I Have the Tinba Virus?
If Tinba is on your system, you’ll likely see browser issues and even system crashes. More commonly, you’ll see pop-up messages ostensibly from your bank’s website asking you to perform unusual actions, such as inputting sensitive information. It may even tell you that funds were accidentally deposited into your account, and you must immediately return the money.
Trojans are tricky to deal with because they’re designed to hide in your system until you visit the website they want to infiltrate. They may even silently hijack your computer and force it to work through a botnet.
Some of the most common ways to pick up Tinba include downloading free software from an unfamiliar website, clicking an infected link or attachment in a phishing email, clicking website pop-up ads, or downloading from an unreliable source, such as the dark web or torrent files.
Helpful Fixes for Getting Rid of Tinba
The best way to get rid of Tinba is to use antivirus software along with a malware removal tool such as Malwarebytes. Trojans are notoriously difficult to remove, so using two types of antivirus software is helpful.
Try these fixes if you suspect you have a Tiny Banker Trojan infection:
Follow documented Trojan-removal steps. This will usually involve checking for newly installed software, inspecting the Registry, running a full system scan with good antivirus software, running Malwarebytes, and maybe even performing a full system restore.
Manually remove the virus. Whether you’re using a PC or Mac, it’s possible to seek out and manually remove the virus without antivirus software. This method works well against persistent malware infections, but isn’t always effective for Trojans.
Follow mobile virus-removal processes. There are a few techniques for removing viruses from Android and, to a lesser extent, iOS devices.
Jailbroken iOS devices are particularly susceptible to malware.
Use System Restore. If your problems persist, use System Restore to return to an earlier point on your computer before you picked up Tiny Banker. Be sure to choose a time period you’re certain is before the Trojan arrived on your computer.
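As a starting point for the "newly installed software" and "inspecting the Registry" checks in the first fix above, here is a read-only PowerShell triage script. It is an added example, not part of the original article. The 30-day window and the "user-writable folder" review flag are assumptions chosen for illustration, and nothing in it is a Tinba-specific indicator.

```powershell
# Added triage example (not from the original article). Read-only: it changes nothing.
param([int]$Days = 30)   # look-back window; 30 days is an arbitrary assumption

function Get-RecentInstalls {
    param([int]$Days)
    $cutoff = (Get-Date).AddDays(-$Days)
    # Standard per-machine (64- and 32-bit) and per-user uninstall registrations
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.InstallDate -match '^\d{8}$' } |
        ForEach-Object {
            $when = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
            if ($when -ge $cutoff) {
                [pscustomobject]@{ Installed = $when; Name = $_.DisplayName; Publisher = $_.Publisher }
            }
        } | Sort-Object Installed -Descending
}

function Get-AutorunEntries {
    # Registry keys Windows reads to start programs at logon
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }          # key absent on this machine
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $cmd
                # Heuristic (assumption): autoruns launched from user-writable folders get a closer look
                Review  = $cmd -match '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'
            }
        }
    }
}

Get-RecentInstalls -Days $Days | Format-Table -AutoSize
Get-AutorunEntries | Sort-Object Review -Descending | Format-List
```

A Review value of True only means the entry should be examined. Many legitimate programs also start from AppData, so compare each entry against software you recognize before removing anything.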
How Do I Avoid Getting This Trojan Again?
There are a few key ways to lower your chances of being reinfected with Tiny Banker (or another Trojan or virus).
KEEP YOUR ANTIVIRUS SOFTWARE AND MALWARE PROTECTION UPDATED
New virus definitions are released regularly. Installing them keeps your system informed about new viruses and malware-based threats.
DISABLE PUPS IN YOUR ANTIVIRUS SOFTWARE
“Potentially unwanted programs” are small programs that lurk mostly on sites where you download free software. In your antivirus program, be sure to select the option to remove any PUPs from future downloads.
STICK TO WELL-KNOWN WEBSITES
Tiny Banker and other Trojans can infect your computer via suspicious websites. Clicking on the wrong link can invite Tinba onto your system.
DON’T CLICK ON POP-UP BANNER ADS
If a pop-up banner appears when you’re browsing a website, don’t click on it. Go to a different website if you’re being inundated with pop-up advertisements.