TinyNuke Malware Found on the Loose 3 Months After Its Source Code Leak

 

Researchers from Kaspersky Lab have detected a new banking Trojan, TinyNuke, which is also known as Nuclear Bot or NukeBot. It is designed specifically to steal the login credentials of online banking users. According to the security analysts, the earlier versions of this malware were known as TinyNuke, but they lacked some features that were necessary to launch vicious attacks. The latest version, however, is fully operable and contains malicious code to target the users of some specific banks. Apparently, TinyNuke was designed by a French teenager named Augustin Inzirillo with the main purpose of defeating IBM's Trusteer Rapport, a security solution used by several banks around the world.

However, Augustin later published the source code of this malware on GitHub due to an unpleasant incident that had happened to him in the past. After realizing the harmful side effects of TinyNuke, Inzirillo decided to delete the repository after a couple of days. But before he could delete the Trojan completely, threat actors had already copied the code. As a result, a few compiled samples of TinyNuke were circulating on the Internet around three months later, and security investigators at Kaspersky have analyzed some of them. The samples captured by the researchers revealed that the IP address of the command and control (C&C) server was set to the local loopback address 127.0.0.1. However, this malware does not work without a functioning C&C server.

Kaspersky Lab has recently published a brief analysis of this malware as an early warning to its users and other banking customers. TinyNuke is a banking Trojan which, upon infection, injects malicious code into the online banking web page displayed in the victim's web browser and then steals crucial data, spoofs their login credentials and more. According to the cyber security experts, there are already a huge number of compiled samples of this malware in the wild that are shared on underground hacking forums. Around 5% of all the samples related to this banking Trojan were new combat versions with improved source code and attack capabilities.

Among other things, these versions of TinyNuke contain injections, which are specific pieces of code that copy parts of the user interface of real online banking services. Based on their study of the injections, the analysts believe that the main targets of the newer version, NukeBot or Nuclear Bot, are the customers of several banks in France and the United States. To protect banking customers and system users from attacks by this Trojan, the threat analysts offer some advice. Financial organizations providing online banking services need to have an effective fraud prevention solution in place to immediately spot unauthorized use of their customers' accounts. Customers using online banking services on their PCs need to use updated security software and regularly scan their computers to check for possible infections such as TinyNuke, Nuclear Bot or NukeBot.
