Banking trojans continue to be the scourge of the web, with Zeus, Citadel, Ramnit, SpyEye and others infecting machines on a widespread basis. But a new offering has been uncovered in a Russian cybercrime forum: a malware variant that, until now, has been operating incognito, the i2Ninja malware.
The malware carries out all the usual financial nastiness, but is unique among its peers in routing its command-and-control traffic over I2P, an encrypted peer-to-peer (P2P) anonymity network. “The cybercrime underground provides a robust marketplace for buying and selling different malware variants,” said Trusteer researcher Etay Maor, in a blog.
He added that unlike the name-brand banking trojans, “lurking in the dark shadows of the Internet, some cybercriminal groups prefer to remain low profile and not sell their tool of choice to the general underground public.”
i2Ninja offers a feature set similar to that of other major financial malware: HTML injection and form grabbing for all major browsers, an FTP grabber and a soon-to-be-released Virtual Network Computing (VNC) remote-control module. In addition, the malware provides a Poker Grabber module targeting major online poker sites and an email grabber.
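To make the "HTML injection" capability concrete, here is an added example (not i2Ninja's code, none of which has been published) that applies a Zeus-style webinject rule to a bank login page and then shows the check that client-side anti-webinject tooling relies on: comparing the form fields the server sent with the fields the browser ends up rendering. The rule format, the bank URL and the page are all assumptions for the demonstration.

```python
"""Zeus-style HTML injection ("webinject") applied to a bank login page.

Constructed demonstration, not i2Ninja's own code (none has been published).
It assumes the data_before / data_inject / data_after rule format popularised
by Zeus configs as a representative injection mechanism; the bank page, URL
and rule below are all made up.
"""
import re

# Constructed rule. The trojan edits the page inside the browser, after TLS
# has been stripped, so the victim sees the genuine bank page plus extra fields.
WEBINJECT_RULE = """
set_url https://online.examplebank.test/login* GP
data_before
<input type="password" name="password"*>
data_end
data_inject
<br><label>ATM PIN</label><input type="password" name="atm_pin">
<br><label>Card number</label><input type="text" name="card_number">
data_end
data_after
data_end
"""

# Constructed page as the bank's server would send it.
BANK_LOGIN_PAGE = """<html><body>
<form action="/login" method="post">
<label>User ID</label><input type="text" name="user_id">
<br><label>Password</label><input type="password" name="password">
<br><input type="submit" value="Log in">
</form></body></html>"""


def parse_rule(text):
    """Pull the URL pattern and the three data_* sections out of one rule."""
    url = re.search(r"^set_url\s+(\S+)", text, re.M).group(1)

    def section(name):
        m = re.search(rf"^{name}\s*\n(.*?)^data_end", text, re.M | re.S)
        return m.group(1).strip() if m else ""

    return {"url": url, "before": section("data_before"),
            "inject": section("data_inject"), "after": section("data_after")}


def _glob_to_regex(pattern):
    """'*' is the only wildcard, both in URL patterns and in the data_* anchors."""
    return ".*?".join(re.escape(part) for part in pattern.split("*"))


def url_matches(rule, url):
    return re.fullmatch(_glob_to_regex(rule["url"]), url) is not None


def apply_inject(rule, url, html):
    """Return the page with data_inject placed after data_before; when
    data_after is set, everything between the two anchors is replaced."""
    if not url_matches(rule, url):
        return html
    before = re.search(_glob_to_regex(rule["before"]), html, re.S)
    if not before:
        return html
    start = before.end()
    end = start
    if rule["after"]:
        after = re.search(_glob_to_regex(rule["after"]), html[start:], re.S)
        if not after:
            return html
        end = start + after.start()
    return html[:start] + "\n" + rule["inject"] + html[end:]


def form_field_names(html):
    """Names of every <input> that carries a name attribute."""
    return set(re.findall(r'<input[^>]*\sname="([^"]+)"', html))


def injected_fields(served_html, rendered_html):
    """Fields present in the browser's DOM but absent from what the server
    sent: the comparison client-side anti-webinject tooling relies on."""
    return form_field_names(rendered_html) - form_field_names(served_html)


if __name__ == "__main__":
    rule = parse_rule(WEBINJECT_RULE)
    victim_view = apply_inject(rule, "https://online.examplebank.test/login?lang=en",
                               BANK_LOGIN_PAGE)
    print(victim_view)
    print("injected:", sorted(injected_fields(BANK_LOGIN_PAGE, victim_view)))
```

The point of the second half is that the injected page is indistinguishable from the server's page by URL, certificate or network capture, because the edit happens inside the browser after TLS is removed; the only place the discrepancy is visible is in the rendered DOM, which is why the defensive check compares served and rendered field sets rather than anything on the wire.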
Maor said: “Using the I2P network, i2Ninja can maintain secure communications between the infected devices and command and control server.”
“Everything from delivering configuration updates to receiving stolen data and sending commands is done via the encrypted I2P channels. The i2Ninja malware also offers buyers a proxy for anonymous Internet browsing, promising complete online anonymity.”
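The practical consequence of C2 over I2P is that the usual hunt for a beaconing domain or IP finds nothing, because the traffic terminates inside an encrypted overlay. What remains observable is the presence of I2P itself on the endpoint. The following is an added example (not from Trusteer's write-up, and using no i2Ninja indicator, since none is public) that runs two such checks over constructed log lines: requests for `.i2p` hostnames, including the hash-addressed `.b32.i2p` form, and processes talking to the well-known loopback ports an I2P router opens. The log and connection-table layouts and the process names are assumptions.

```python
"""First-pass hunt for hosts that are tunnelling traffic over I2P.

Added example, not from Trusteer's write-up, and it relies on no i2Ninja
indicator (none is public). It uses two properties of I2P itself: I2P-internal
hostnames end in .i2p, with hash-addressed destinations written as 52 base32
characters plus ".b32.i2p", and a locally installed I2P router listens on
well-known loopback ports (4444 HTTP proxy, 4445 HTTPS proxy, 7654 I2CP,
7656 SAM, 7657 router console). All log lines below are constructed.
"""
import re
from collections import defaultdict

I2P_ROUTER_PORTS = {4444: "HTTP proxy", 4445: "HTTPS proxy", 7654: "I2CP",
                    7656: "SAM", 7657: "router console"}
B32_DEST = re.compile(r"^[a-z2-7]{52}\.b32\.i2p$")
ANY_I2P = re.compile(r"\.i2p$")

# Constructed Squid-style access.log lines; the .b32.i2p name is invented.
PROXY_LOG = """\
1384761001.123 1 10.0.0.15 TCP_MISS/200 512 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html
1384761002.456 1 10.0.0.23 TCP_MISS/200 3311 POST http://ukeuvaiqgkfzo3iuxx5joggyzqyarr2nvxxbsq6ljwpnfodfu67q.b32.i2p/gate.php - HIER_DIRECT/127.0.0.1 -
1384761003.789 1 10.0.0.23 TCP_MISS/200 204 GET http://example.i2p/ - HIER_DIRECT/127.0.0.1 -
"""
# Constructed endpoint connection export: host, remote socket, state, process.
# The process names are made up.
CONN_TABLE = """\
10.0.0.23 127.0.0.1:4444 ESTABLISHED updater_svc.exe
10.0.0.23 127.0.0.1:7654 ESTABLISHED i2p.exe
10.0.0.15 93.184.216.34:443 ESTABLISHED chrome.exe
"""


def host_of(url):
    """Hostname part of a URL, lower-cased, without scheme, port or path."""
    return re.sub(r"^[a-z]+://", "", url, flags=re.I).split("/")[0].split(":")[0].lower()


def classify_destination(host):
    if B32_DEST.match(host):
        return "b32"        # hash-addressed, reachable without any addressbook entry
    if ANY_I2P.search(host):
        return "named"      # needs an addressbook or jump-service lookup
    return "clearnet"


def i2p_hosts_in_proxy_log(log):
    """Map client IP -> set of .i2p destinations it requested."""
    hits = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        client, host = parts[2], host_of(parts[6])
        if classify_destination(host) != "clearnet":
            hits[client].add(host)
    return dict(hits)


def i2p_router_connections(table):
    """Map client IP -> [(process, port, role)] for known I2P loopback ports."""
    out = defaultdict(list)
    for line in table.splitlines():
        client, remote, _state, proc = line.split()
        ip, port = remote.rsplit(":", 1)
        port = int(port)
        if ip == "127.0.0.1" and port in I2P_ROUTER_PORTS:
            out[client].append((proc, port, I2P_ROUTER_PORTS[port]))
    return dict(out)


def suspects(log, table):
    """Hosts that both request .i2p names and have a process on an I2P router
    port. Either signal alone is worth a look; the overlap is the strongest."""
    return sorted(set(i2p_hosts_in_proxy_log(log)) & set(i2p_router_connections(table)))


if __name__ == "__main__":
    for host in suspects(PROXY_LOG, CONN_TABLE):
        print(host, i2p_hosts_in_proxy_log(PROXY_LOG)[host],
              i2p_router_connections(CONN_TABLE)[host])
```

Two caveats: the proxy-log check only fires if the malware's requests go through a proxy that logs them, which a bot with its own embedded I2P router will avoid, so the endpoint-side port check is the more reliable of the two; and the router's own peer-to-peer transport runs on a randomly chosen port to other I2P routers, so a perimeter port filter will not catch it, which is exactly why the author of this malware chose I2P.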
An integrated help desk, a ticketing system built into the malware’s command-and-control panel, lets a potential buyer communicate with the authors and support team, open trouble tickets and get answers.
Maor said: “While some malware offerings have offered an interface with a support team in the past (Citadel and Neosploit to name two), i2Ninja’s 24/7 secure help desk channel is a first.”
i2Ninja has not yet been spotted in the wild, feasting on people’s bank accounts, but that will no doubt change.
“With increasing black market activity and the release of various malware source code, we expect to see new malware variants and new underground offerings in 2014,” Maor said. “i2Ninja has already been discussed in several Russian-speaking cybercrime forums; Trusteer's security team is actively monitoring for a live variant of this malware. Once such an attack is identified and researched we will update with new technical details.”
Regardless, the surge of financial malware shows no signs of slowing: the third quarter of 2013 saw the number of online banking trojans detected reach record levels, according to Trend Micro, with more than 200,000 infections reported in the period.