Tiny Banker Trojan (aka Tinba Virus): What It Is and How to Remove It

This sneaky malware is after all your money

A conceptual illustration of the Tiny Banker (aka Tinba) virus destroying a computer.

Theresa Chiechi / Lifewire 

If you bank with Chase, HSBC, Wells Fargo, Bank of America or another large, well-known financial institution, you might have unwittingly been attacked by a Trojan called Tiny Banker, also known as Tinba or the Tinba virus. It's sneaky, persistent, and it's after all the money it can find.

What Is the Tiny Banker Trojan or Tinba Virus?

Tiny Banker is a variant of the Zeus Virus, a nasty piece of malware designed to steal confidential information from your computer. More specifically, it's looking for your banking information and details such as account numbers, usernames, passwords, credit card numbers, PIN codes and anything else that can be used to hack into a bank account. It was first recognized in 2012.

The Tiny Banker Trojan was listed as one of the Top 10 Most Wanted Malware in 2016 by Check Point Software Technologies, a cyber security company. It can attack any computer or smartphone.

How the Tiny Banker Trojan Works

Tinba is a tiny piece of malware that is very difficult to detect due to its small size. In fact, at just 20kb, it's smaller than any other known Trojan. It uses a method called packet sniffing to read network traffic. That tells it when you navigate to a financial website of any kind.

From there, it can either begin logging your keystrokes to capture everything you type on the site or it will replicate the website's logo and formatting to instantly pop up with a page instructing users that system updates (or some other issue) require the entry of a social security number or other pieces of sensitive information. It might even ask you to confirm security questions in an attempt to seem legitimate, specifically using 'mother's maiden name' to lure you.

This Trojan can also convert your computer into a zombie machine, which means it becomes an unwilling member of a botnet.

How Do I Know If I Have the Tinba Virus?

You'll start seeing web browser issues and even full computer system crashes if you actually have this Trojan on your system. More commonly, though, you will see pop-up messages from your banking website that oddly ask you to input sensitive information or that tell you funds were accidentally deposited to your account that must be immediately refunded.

Trojans are tricky to deal with precisely because they are designed to hide in your system until the moment you actually open the website they want to infiltrate. Alternatively, they simply silently hijack your computer and force it to work through the botnet.

How Did I Get the Tiny Banker Trojan?

There are many ways you could have gotten the Tiny Banker Trojan. Some of the most common ways are:

  • Downloading a program or app from an unreliable source such as the dark web or torrent files.
  • Downloading free software from an unfamiliar website.
  • Clicking an infected link or attachment in a phishing email. 
  • Clicking website pop-up ads.

How Do I Get Rid of This Virus?

The best way to get rid of it is to use antivirus software along with a malware removal tool such as Malwarebytes. Trojans are notoriously difficult to remove so using two types of antivirus will usually resolve the problem.

  1. If you prefer, you can take steps first to ensure you truly have the Tiny Banker Trojan. Then, follow these steps to remove it.

  2. You can remove a virus from your computer without antivirus software. This is not always effective for Trojans but it can work well with persistent malware infections so it's worth a try. You can remove malware from a Mac, too.

  3. If the problem is on a mobile device, you may need to try different techniques to remove the virus from Android or from an iOS device. Jailbroken iOS devices are particularly susceptible to malware; use antivirus software compatible with iOS like F-Secure Anti-Virus to combat this Trojan.

  4. If none of those steps solve the problem, use System Restore to return to an earlier point on your computer before you picked up Tiny Banker. Be sure to pick a time period where you can be certain you didn't already have the Trojan on your computer. 

How Do I Avoid Getting This Trojan Again?

There are a few key ways in which you can lower your chances of being re-infected with Tiny Banker (or another trojan or virus).

  • Keep your antivirus software and malware protection updated. New virus definitions are released regularly and these keep your PC informed on what to look for with new virus and malware-based threats. 
  • Disable PUPs in your antivirus software. These small programs, known as potentially unwanted programs, lurk mostly on sites where you obtain free software. In your antivirus program, be sure to select the option to remove any PUPs from future downloads.
  • Stick to well-known websites. Tiny Banker and other Trojans can infect your computer through the suspicious websites you might browse. Clicking on the 'wrong' link can lead to you downloading Trojans like Tinba.
  • Don't click on popup banner ads. When a pop-up banner appears when browsing a website, don't click on it. Go to a different website if you land on one that inundates you with pop-up advertisements.