I2Ninja Trojan Taps Anonymized Darknet

Published: 22/11/2024   Category: security




New malware being sold via underground Russian cybercrime markets uses decentralized, anonymizing P2P system.



Beware a new, Russian-built banking Trojan, dubbed i2Ninja, that uses an anonymizing cryptographic network to mask its botnet communications.
That warning comes via IBM's Trusteer, which has spotted the malware for sale on underground Russian cybercrime forums.
"The i2Ninja [malware] takes its name from the malware's use of I2P -- a networking layer that uses cryptography to allow secure communication between its peer-to-peer users," said Trusteer security researcher Etay Maor in a blog post. "While this concept is somewhat similar to Tor and Tor services, I2P was designed to maintain a true Darknet -- an Internet within the Internet where secure and anonymous messaging and use of services can be maintained."
I2P stands for the Invisible Internet Project, a still-in-beta project described by its developers as a computer network layer that allows applications to send messages to each other pseudonymously and securely. The software can also be used for surfing the web and transferring files anonymously, courtesy of HTTP proxies.
[The Kelihos botnet is not dead, thanks to fast flux architecture and Windows XP infections. Read Kelihos Botnet Thrives, Despite Takedown.]
While such technology has obvious privacy applications, in the hands of botnet controllers -- a.k.a. herders -- it also provides a way to disguise communications between command-and-control (C&C) servers and the i2Ninja-infected PCs serving as botnet nodes.
Why not use the Tor anonymizing network instead? According to the I2P development site, this anonymizing network is designed and optimized for hidden services, which are much faster than in Tor, while it also supports peer-to-peer communications and does not require Tor's centralized view of network activity. "Using the I2P network, i2Ninja can maintain secure communications between the infected devices and command-and-control server," said Maor. "Everything from delivering configuration updates to receiving stolen data and sending commands is done via the encrypted I2P channels." The i2Ninja malware also offers buyers a proxy for anonymous Internet browsing, promising complete online anonymity.
Indeed, i2Ninja's use of I2P also enables malware customers to directly communicate with i2Ninja's customer-support team -- using encrypted communications, naturally -- as well as to tap a trouble-ticket system that's built into the malware's admin panel. "A potential buyer can communicate with the authors/support team, open tickets and get answers -- all while enjoying the security and anonymity provided by I2P's encrypted messaging," said Maor.
As with other types of modern financial malware, the Trojan offers multiple modules, each designed to steal a different type of valuable information. Some of the modules, for example, include an FTPgrabber that can steal FTP credentials from 33 different clients; a PokerGrabber to grab any usernames and passwords for popular online poker games such as 88poker, Absolute Poker, and Full Tilt Poker that are stored on the PC; and a MailGrabber that can grab credentials for 16 different email clients. The malware can also search for -- and remove -- files with specified extensions or filenames from an infected PC.
In addition, the malware can launch HTTP/HTTPS injection attacks -- the developer claims this feature works for all versions of Internet Explorer, Firefox, and Chrome -- which allow attackers to make hidden financial transactions while users are logged into a banking website. Coming soon, i2Ninja's developer has promised to release virtual network connection (VNC) capabilities so that botnet herders can remotely access and control infected PCs.
But one of the Trojan's most notable features, said Maor, is the level of customer care being offered. The malware sellers promise around-the-clock support, which suggests that they're distributing their wares globally. While some malware offerings have offered an interface with a support team in the past -- Citadel and Neosploit, to name two -- i2Ninja's 24/7 secure help desk channel is a first, Maor said.
