Zusy, also known as Tinba (Tiny Banker), is a notably compact banking trojan that gained attention for its small footprint of roughly 20KB while still implementing full webinject and form-grabbing capability. First seen around 2012, Zusy primarily targeted European banking customers through phishing and exploit kits. Its small size made detection harder and demonstrated that effective banking trojans did not require large code bases. The leaked Tinba source code spawned numerous derivative campaigns.
This family has been observed using the following ATT&CK techniques: T1185 T1071.001
Zusy, also known as Tinba (Tiny Banker), is a notably compact banking trojan that gained attention for its small footprint of roughly 20KB while still implementing full webinject and form-grabbing capability. First seen around 2012, Zusy primarily targeted European banking customers through phishing and exploit kits. Its small size made detection harder and demonstrated that effective banking trojans did not require large code bases. The leaked Tinba source code spawned numerous derivative campaigns.
Zusy is an alias for Tinba and spreads through the same exploit kits, phishing campaigns, and malvertising used by the Tiny Banker family.
Browser web-injects on banking sites, prompts for additional 2FA codes, and AV detections for Zusy, Tinba, or TinyBanker are diagnostic.
If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.
Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/zusy.json
This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families extracted from the EMBER 2018 benchmark. The catalog is also published on Hugging Face and Kaggle.