It is not an unexpected practice for the cybercriminals to sell or rent their hacking tools to other shady individuals online. This is exactly the case of the Tiny.z Android Banking Trojan. Its creators are offering a $2,000 monthly subscription to the Tiny.z Trojan on various hacking forums. Despite the high price, there were takers as the Tiny.z Banking Trojan is a well-built and very potent hacking tool. It has been speculated that the infamous Russian-based hacking group called Cron is one of the actors propagating the Tiny.z Banking Trojan.
The Cron hacking group operates in Russia mainly, but in 2016, they had decided to begin expanding their reach to other countries too. It is likely that about the same time they got their hands on the Tiny.z Banking Trojan. One of the biggest advantages of the Tiny.z Banking Trojan is that it is compatible with banks all around the globe because its threatening activity has been spotted in the United States, United Kingdom, Australia, Germany, France, and numerous other countries worldwide.
The Tiny.z Banking Trojan is not too sophisticated. Once it infects a device, it will look for banking applications being present. If there is a banking application on the user’s device, the Tiny.z Banking Trojan will insert a convincing fake overlay, which will require the victim to fill in their login credentials. If the user falls for this trickery, it will provide the attackers with their banking details.
It is not yet known what the infection vectors used by the Tiny.z Trojan operators are. Experts speculate that phishing emails and text messages may be involved in the spreading of this nasty threat. It also is likely that the attackers may be using fake copies of popular Android software to trick the user into installing the Tiny.z Banking Trojan onto their systems.
It is crucial that you pay close attention to all the applications you install on your device. Do not trust applications that do not come from verified sources as you may end up in a very sticky situation.