Tiny Banker Trojan (TBT) aka Tinba
How Users Can Prevent Banking Trojans
Banking trojans are an extremely stealthy form of malware. When a banking trojan infects a user’s PC / Mobile or web browser, it goes dormant and waits for them to access an online banking website. When the user does this, the Trojan is activated, uses a keylogger to steal the username and password of the account, and secretly sends it to the attackers.
- Watching out for phishing emails
When opening an email from an untrusted source, or emails from a trusted source that contain unusual content or requests, users should not click links, execute files, or open Microsoft Office documents.
- Using security solutions on the local device
Modern security solutions can protect users from malware and other attack vectors. A good security solution can effectively detect and block banking trojans, by detecting and blocking malicious content in files or phishing messages. Even if users browse the web on a personal device, they should deploy well-known, effective anti-malware solutions.
- Unusual behavior on banking sites
Users should look out for suspicious activity from banking and financial services websites. They should pay special attention to new login fields they haven’t seen before, especially when they request personal data. Users should consider what the bank typically does not ask for, and look for small flaws or changes in the website design or display.
- Install mobile applications from trusted sources
This is especially important for banking applications. Downloading apps from known and trusted sources such as Google Play and Apple App Store doesn’t guarantee users won’t download malicious applications, but it will protect them from most threats.
- Back up important files
Users should make offline copies of their most important files on external devices or cloud storage services. Today’s common banking trojans distribute other malicious software such as ransomware after their initial phase, which can deny users access to their files.