Zusy aka Tinba is small banker trojan ranging from 20k to 100k in size. The smallest version, 20k in size, is called Tinba (“Tiny Banker”). For this reason it can be called tiny but deadly. This trojan targets your bank account details and will send them to malware authors. It sends and receives information and guidelines for further activity from four Command & Control servers that are run by the creators of this Trojan. As Zusy is one of the smaller banker trojans, it is not so complicated and will use predefined control servers. The information sent to these servers is encrypted, thus it might be missed by network auditing tools. Additionally, Zusy targets small number of financial institutions, thus data from other websites are not collected in each versions of this malware. However, it is still possible that there are versions of malware targeting other financial institutions instead. This banker trojan uses several harmless DLLs and can attach itself to other processes like Winver, iexplore.exe.
Zusy trojan is distributed using BlackHole exploit kit. This is one of the most known kits malware authors use to infect PCs. You might land in such page by following spam links, or being redirected through malicious advertisements on harmless websites. Typically, you will blank pages that are trying to load something but you can’t see what. In many cases this will be rogue av or other parasite like Zusy/Tinba.
It is obvious that Banking trojan like Zusy is bad news. Thus you should remove it at once. Most of internet security suites will detect and block BlacHole exploit kits and would prevent such infections.
Zusy was first discovered in 2012 and was a real issue for Internet users. However, in 2014, the plans of its creators were shattered as the source code was discovered. As you might guess, this did not stop Tinba v2 and Tinba v3 from appearing and causing problems. In 2015, the news spread that a a variant of Zusy targeted Romanian-speaking users or, more specifically, their money. Twelve Romanian banks were under the radar of this Trojan. Back in the 2015, this was one of the primary infections that targeted Romanians. Before that, Zusy focused on Western side of the map. This Zusy was very closely related with the Tinba v3 and proceeded very similarly to it. This v3 variant had its eyes set on stealing significant amounts of personal information about users.
In 2016, Zusy was noticed to place its focus on Asia. There might be a lot of Trojans that are similar to this banking monster and we hope that you will not encounter it.
Automatic Malware removal tools