
Modified Tiny Banker Trojan Found Targeting Major U.S. Banks

Entrust

A modified version of a banking Trojan first identified a few years ago has been found on the websites of a number of major U.S. banks this week. The malware, called Tiny Banker, is known for its small size and powerful capabilities and has recently been expanding the number of financial institutions from which it can steal information.

The Trojan is only 20K in size, but is able to use man-in-the-browser (MITB) techniques to inject HTML fields into banking websites when it knows a user has navigated to one. The malware causes a window to pop up that asks for a variety of sensitive data that legitimate financial sites would never ask for.

For instance, one such window found on the website of Wells Fargo asked for information when a person was trying to access their account, supposedly to verify their identity, malware analyst Jaromir Horejsi said in an interview with PC World. The window carries a fake warning about a system update and requests information such as the user’s credit card number and expiration date, Social Security number and driver’s license number with expiration date, among other things.

The malware was created to steal users’ sensitive banking information, including account credentials and payment card data. Along with gaining access to privileged data, Tiny Banker also connects infected computers with a larger botnet and causes them to communicate with command and control servers over encrypted channels.

Around for Years but Getting Stronger

Tiny Banker was first discovered in 2012 after thousands of computers in Turkey were infected with the malware, according to Threatpost contributor Dennis Fisher. Since then, the source code to the Trojan’s original, privately sold version has been leaked online and widely used by cybercriminals who would otherwise have had to pay to obtain it. The easy accessibility of Tiny Banker has led to the revisions plaguing banks today.

The leak of Tiny Banker’s source code onto an online forum is just the latest in a long series of crimeware leaks that have made such tools accessible to the public. Last year, Carberp, a program that previously sold privately for $40,000, had its source code leaked online, and in 2011 hackers posted the code behind the infamous Zeus Trojan, leading to the creation of other malware like Citadel.

With the rise in crimeware being made available for download by hackers across the globe, companies are at a greater risk for cyberattacks than ever before. Organizations looking to increase enterprise security and enhance data protection should employ two-factor authentication. This reliable security technique requires users to enter multiple forms of identification before accessing sensitive data, ensuring malicious actors cannot obtain information not meant for their eyes.

Entrust

Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.
