5 Nov 2015

Have you heard about the Trojan Virus called Tinba? It might just be heading to a bank near you

IT Wire reports that Tinba, a virulent, second-generation banking Trojan, is already wreaking havoc in financial institutions in Russia, Ukraine and other parts of Eastern Europe, as well as in global financial hot spots such as the US, Japan, Australia and New Zealand.


According to the Dell SecureWorks Counter Threat Unit (CTU), the malware, also known as Tiny Banker, only affects Windows computers.
It steals financial account credentials, one-time passwords, and other sensitive information, which can be used to commit Automated Clearing House (ACH) and wire fraud. More than a dozen threat groups may be using this malware.
CTU says that Russian banks and financial organizations are not frequently targeted by these banking Trojans. Historically, many of the masterminds behind the most pervasive banking Trojans and other money-making malware (such as spam bots) have been from Russia, Ukraine or Eastern Europe.


CTU has seen very few of these banking Trojans and other malware families target Russian computer users. Some of these Trojans automatically check the victim's keyboard and language settings: if the primary language is Russian and the keyboard layout is Cyrillic, the malware immediately exits or uninstalls itself. There is clearly a tendency on the part of the cyber criminals behind these operations to avoid compromising Eastern European and Russian computers.

About Tinba
Tinba is a botnet kit available on the dark web. Cyber-criminals are using it to attack banks not only in Russia and Japan but also financial organizations in other parts of the world, including North America, the United Kingdom, Europe and Australia. Large credit card companies, online payment providers, shopping portals and social media sites are at risk.

During the last two years, the number of Banking Trojans infecting computers in the Asia Pacific region has continued to increase, and currently includes Trojans like Shiz (aka Shifu) and Reactorbot. There have been widespread infections seen in Japan, Indonesia and Malaysia during the past year. The map below indicates the spread.

There are two versions of the Tinba Trojan. The source code for Tinba 1.0 was leaked in July 2014, and its authors were believed to be from Eastern Europe. Tinba 2.0 is more popular; it is controlled by one threat group and sold as a botnet kit to multiple cybercriminal gangs.
Tinba 2.0 added several new features including a domain generation algorithm (DGA) designed to make detection and mitigation by security professionals more difficult. The first variant of Tinba 2.0 attempted to generate 1,000 domains, using a single hard-coded Top-Level Domain (TLD). 

The latest variant generates 100 domains using four hard-coded TLDs, resulting in a total of 400 possible domains. The threat actors need only one of these domains to maintain control of their botnet. Tinba 2.0 also added RSA signature verification to determine whether the Command and Control (C2) server it is communicating with is a genuine C2 or a security researcher's sinkhole.
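As an added illustration of the defender's side of a DGA (this is not part of the original post and not Tinba's actual algorithm, which the article does not describe): once a DGA has been reverse-engineered, the 400 candidate domains for a given day can be enumerated ahead of time, registered or sinkholed, and matched against DNS query logs. The generation scheme, seed, TLD list and log lines below are all constructed for this example; only the 100-labels-by-four-TLDs shape comes from the text.

```python
"""Defender-side use of a reverse-engineered DGA (added example).

The generation scheme here is a constructed stand-in, NOT Tinba's real
algorithm; only the shape from the text is reproduced: 100 labels per day
across four hard-coded TLDs, giving 400 candidate domains.
"""
import hashlib
from datetime import date

# Assumption: any four TLDs; Tinba's actual TLDs are not given in the text.
TLDS = (".com", ".net", ".org", ".info")
LABELS_PER_DAY = 100
LABEL_LEN = 12


def toy_dga(day: date, salt: bytes = b"constructed-seed") -> set:
    """Return the candidate set for one day: 100 labels x 4 TLDs = 400 names."""
    candidates = set()
    for i in range(LABELS_PER_DAY):
        material = salt + day.isoformat().encode() + bytes([i])
        digest = hashlib.sha256(material).digest()
        # Map the first LABEL_LEN digest bytes onto lowercase letters.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
        for tld in TLDS:
            candidates.add(label + tld)
    return candidates


def parse_query_log(lines):
    """Parse constructed 'timestamp client qname' lines into (client, qname)."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        records.append((parts[1], parts[2].rstrip(".").lower()))
    return records


def find_dga_hits(log_lines, candidates):
    """Return (client, qname) pairs whose query hits the precomputed set."""
    return [(c, q) for c, q in parse_query_log(log_lines) if q in candidates]


def build_sample_log(candidates):
    """Constructed DNS log: two benign queries, two to candidate domains, one junk line."""
    picks = sorted(candidates)[:2]
    return [
        "2015-11-05T09:00:01Z 10.0.0.7 www.example.com.",
        "2015-11-05T09:00:02Z 10.0.0.7 " + picks[0] + ".",
        "2015-11-05T09:00:03Z 10.0.0.9 mail.example.org.",
        "2015-11-05T09:00:04Z 10.0.0.9 " + picks[1] + ".",
        "garbage line",
    ]


if __name__ == "__main__":
    today = date(2015, 11, 5)
    cands = toy_dga(today)
    print(len(cands), "candidate domains for", today)
    for client, qname in find_dga_hits(build_sample_log(cands), cands):
        print("DGA hit:", client, "->", qname)
```

The exact-match approach only works because the algorithm and seed are known; that is why the article stresses that the DGA was added to make mitigation harder, and why a real deployment regenerates the set every day and feeds it to the resolver's blocklist or a sinkhole.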

Each Tinba 2.0 botnet kit is configured with different parameters such as distinct domain names, RSA keys, and request paths. As of October 2015, CTU researchers had observed 655 registered domains, 62 unique request paths and 43 unique encryption keys. This information indicates there are likely more than a dozen threat actors or groups operating Tinba 2.0 botnets.
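The RSA signature check mentioned above is what defeats a naive sinkhole, and the distinct per-kit keys are why CTU can count 43 of them. The following added example (not Tinba's code; it uses textbook RSA over a SHA-256 digest with tiny constructed primes and no padding, purely so it runs offline) models a bot that holds only the kit's public key: a response signed by the operator's private key is accepted, while a sinkhole that lacks that key, or a replayed signature on a modified body, is rejected.

```python
"""Why a plain sinkhole cannot impersonate a Tinba 2.0 C2 (added example).

Textbook RSA over a SHA-256 digest with small constructed primes; a real kit
uses full-size keys and a padded signature scheme. Not Tinba's code.
"""
import hashlib


def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for primes p, q. pow(e, -1, phi) needs Python 3.8+."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def digest_int(message: bytes, n: int) -> int:
    """SHA-256 of the message reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)


# Constructed key material: 104729 and 1299709 (the 10,000th and 100,000th
# primes). The public half is what a botnet kit would embed in the bot.
KIT_PUBLIC, OPERATOR_PRIVATE = make_keypair(104729, 1299709)


def bot_accepts(response: bytes, signature: int) -> bool:
    """What the bot does: verify against the embedded public key only."""
    return verify(response, signature, KIT_PUBLIC)


def genuine_c2_response(payload: bytes):
    """The operator holds the private key, so the response verifies."""
    return payload, sign(payload, OPERATOR_PRIVATE)


def sinkhole_response(payload: bytes):
    """A researcher's sinkhole has no private key; signing with its own
    (constructed) key pair yields a signature the bot rejects."""
    _, sinkhole_private = make_keypair(15485863, 32452843)
    return payload, sign(payload, sinkhole_private)


if __name__ == "__main__":
    body = b"constructed config blob"
    msg, sig = genuine_c2_response(body)
    print("genuine C2 accepted:", bot_accepts(msg, sig))
    msg, sig = sinkhole_response(body)
    print("sinkhole accepted:", bot_accepts(msg, sig))
    _, sig = genuine_c2_response(body)
    print("modified body with replayed signature accepted:",
          bot_accepts(b"modified", sig))
```

For a defender the consequence is that disrupting a Tinba 2.0 botnet centres on the DGA domains and the infrastructure behind them rather than on sinkhole impersonation, and that the per-kit public key extracted from a sample is a stable indicator for grouping infections by operator.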

More of a reason why I should buy a Mac lol
