American IT giant IBM has discovered a malware version called Tinba v3 created especially for attacking 12 Romanian banks. The company advised the local financial institutions to inform their customers about the threat and closely collaborate with cybersecurity providers.

The new virus risks to become the most efficient Trojan that affects Romanian banks, even more than Dridex, which was to blame for 80 percent of the attacks that have taken place this year, according to Limor Kessem, Cybersecurity Evangelist at IBM, who signs an article on the website

“While Romania is widely suspected of being home to a large amount of cybercriminals – even with one city dubbed by some as “Hackerville” — we seldom see it targeted by those who attack Western countries,” says the expert in the article. 

This is actually the first time a virus is especially developed to hack into the system of Romanian banks, according to the piece.

“In late July 2015, IBM Security X-Force researchers analyzed a new Tinba v3 Trojan configuration file that is, according to our data, the first of its kind dedicated to Romanian banks. Previous versions of this malware attacked a number of European countries, but Romania wasn’t among them and is rarely a top target. Our analysis reveals that Tinba v3’s developers have expanded the capabilities and reach of the malware by updating its web injections to match the new banks targeted in the Eastern European country.”

Unfortunately, the IBM expert believes cyberattacks of this type will become more frequent in Romania.

“Based on other Tinba v3 campaigns that IBM Security is familiar with, we expect to see more Tinba attacks in Romania going forward. The country may only be starting to face Tinba, but it is already plagued by the Dridex Trojan, Dyre, Neverquest and Zeus v2 variants. IBM Security data shows that, since the beginning of 2015, the most active Trojan in Romania is Dridex, but that could stand to change if Tinba accelerates its activity,” says Kessem. 

The expert recommends Romanian banks to ask customers to report suspicious emails, in order to protect themselves from the attacks. These financial institutions should also work closely with their antifraud provider to lower and contain risks as much as possible, says the article. 

Otilia Haraga