Security experts recently discovered that a new financial malware program, i2Ninja, was put up for sale on a Russian cybercrime forum.
The malware utilizes the Invisible Internet Project, or I2P, anonymity network to disperse command-and-control messages from infected machines to cybercriminals, according to PCWorld. The I2P network is considered a darknet, as it has multiple layers of encryption in place that enable cybercriminals to communicate with each other anonymously without being detected by Internet monitors.
Security researcher Etay Maor said I2P is similar to the smaller darknet Tor, and describes them as “an Internet within an Internet,” providing cybercriminals a platform for nameless, protected messages.
“The i2Ninja [malware] takes its name from the malware’s use of I2P – a networking layer that uses cryptography to allow secure communication between its peer-to-peer users,” Maor told InformationWeek.
This malware sample is fairly similar to other financial data leakage programs, PCWorld stated. i2Ninja was designed to steal financial information and login credentials and to present rogue HTTP and HTTPS session content in browsers including Internet Explorer, Google Chrome and Firefox.
Due to its complexity and its dissemination through the I2P darknet, this infection poses a serious risk to enterprise endpoint security. Once a machine is infected with the malware, it becomes part of a botnet that can infect other devices within the network as well. In this way, the malware could steal a significant number of financial files and personal information from the multiple machines included in the botnet. Therefore, endpoint management software is essential to monitor systems for this type of threat.
According to PCWorld, this kind of system has considerable benefits for cybercriminals, including the ability to encrypt traffic between the command server and the malware program. Maor also said that the customer support attached to the malware is an attractive aspect for hackers. Those selling the sample are offering 24/7 customer support, which could point to the fact that malware creators are selling it globally.