When first discovered by Trusteer in 2012, the Tilon banking malware received its name because of some similarities with the Silon banking Trojan. Like Silon before it, Tilon performs Man-in-the-Browser attacks by injecting itself into the browser, thus gaining control over the traffic going to and from it, as well as the capacity to capture all form submissions from the browser to the web server. The researchers thought that the same cyber gang was behind the creation of both Silon and Tilon.
Arrested SpyEye author Aleksandr Panin was probably responsible for the Tilon bank Trojan, developed as a "side project" using the same source code as his more famous creation, an analysis by Dutch security firm Fox-IT has concluded. According to its researchers, the now largely defunct Tilon began life in October 2011, probably as a low-key way of making some money from the bank Trojan market without the need to provide the service and support that came with purchases of the more famous SpyEye. In August 2012, the malware was eventually noticed by security firm Trusteer, which decided it was based on the Silon bank Trojan from 2009, but Fox-IT believes that Tilon borrowed only the former's loader; its core was re-used from SpyEye, making it in effect "SpyEye 2."