A low-profile strain of malware recently discovered on a Russian cybercrime forum could spell big trouble for bank customers and financial services companies alike,
i2Ninja may be funny sounding, but it is dangerous. The malicious software can perform HTML injection attacks and grab information from any major browser, among other criminal misdeeds, according to the blog post.
Its creators have recently begun selling it in the cybercriminal underworld.
According to Trusteer's blog, the i2Ninja takes its name from the malware's use of I2P a networking layer that uses cryptography to allow secure communication between its peer-to-peer users. It's designed to maintain a "darknet," an Internet within the Internet where secure and anonymous messaging and use of services can be maintained.
"Using the I2P network, i2Ninja can maintain secure communications between the infected devices and command and control server," Trusteer says. "Everything from delivering configuration updates to receiving stolen data and sending commands is done via the encrypted I2P channels. The i2Ninja malware also offers buyers a proxy for anonymous Internet browsing, promising complete online anonymity."
Another unique feature of this malware is that it comes with an integrated help desk ticketing system. "A potential buyer can communicate with the authors / support team, open tickets and get answers - all while enjoying the security and anonymity provided by I2P's encrypted messaging nature," Trusteer says. "While some malware offerings have offered an interface with a support team in the past (Citadel and Neosploit to name two), i2Ninja's 24/7 secure help desk channel is a first."
