Financial malware 'i2Ninja' being sold on Russian cyber crime forum


Although it has yet to be discovered in the wild, researchers have uncovered a sneaky piece of financial malware, known as i2Ninja, being sold on a Russian cyber crime forum.

The peer-to-peer trojan – which can be used to steal credit card and other financial information – is likely to infect systems via drive-by infection, fake advertisements and bogus links, Etay Maor, fraud prevention solutions manager at Trusteer, told on Wednesday. He added that specific targets may also be infected through spear phishing.

“While the malware offers different HTML injection capabilities [targeting poker sites and grabbing email], it will also soon offer a virtual network computing (VNC) module just like all other major malware families,” Maor said, using trojan variants such as Zeus, Citadel and SpyEye as examples. “Once a VNC capable malware infects a device, the attacker's options are almost limitless.”

The i2Ninja malware takes its name from I2P, an anonymizing overlay network similar to Tor that uses layered cryptography to keep communications private and to hide the endpoints of a connection. Maor said I2P is a “true Darknet” that offers better protection than Tor, and explained that this added security layer makes it harder for researchers to map the malware's command-and-control infrastructure and to understand its capabilities.

However, Maor said he still thinks it is only a matter of time before the I2P encryption is broken – similar to how the FBI made a big arrest on Tor in August by exploiting a Firefox vulnerability – and added that the attackers using i2Ninja likely understand this, as well.

It is unclear just how much of a threat i2Ninja represents right now, Maor said, but the malware seems to be in high demand.

“The cyber criminal offering the malware in the underground indicated he has enough business due to the malware's underground publicity and indicated he cannot handle more requests to buy the malware,” Maor said. “The cyber criminal who posted the information regarding i2Ninja is a known and credible forum member.”

Although Trusteer researchers are still investigating i2Ninja, Maor advises defending against it with endpoint software capable of identifying such malware, combined with web-based solutions that can identify incoming infected devices and correlate high-risk events.
