Citadel trojan pulled from Russia's public underground market

The Citadel trojan is being pulled underground by its authors who fear an impending law enforcement crackdown, researchers at security firm RSA said this week.

Citadel, built on the shoulders of Zeus, was one of the most advanced, high-quality trojans available, with a sales price of nearly $2,500.

It rose to fame for being the first crimeware kit to include a customer relationship management (CRM) module where clientele could request new features from Citadel's team of software developers.

But fearing authorities are hot on their heels, Citadel's creators have announced the trojan will be pulled from the public Russian underground market, likely to be sold only to users whose reputation existing customers have vouched for.

“By selling less they can keep the trojan from being all too widely spread,” RSA's research labs wrote Monday in a blog post.

Selling on the open market attracts law enforcement and gives white hat researchers access to reverse engineer the software, forcing Citadel's developers to tweak its functions.

Research last month by S21Sec found the latest version of the banking trojan was outfitted with evasion techniques to help it avoid being studied.

That anti-emulator would detect sandboxes and, rather than terminating operation like other trojans, would mimic normal functionality but fake its connection to botnets in hopes of throwing researchers off the scent.

This article originally appeared at SCMagazine.com.au
