Credit card-stealing trojan 'offers better protection than Tor'

i2Ninja sold on a Russian cyber crime forum.

A credit-card-stealing trojan is being sold on a Russian cyber crime market that one expert says uses a peer-to-peer network that's safer than Tor.

The i2Ninja trojan infected systems via drive-by infection, fake advertisements and bogus links, but had not been discovered in the wild.

It takes its name from I2P, a layer of networking similar to Tor that uses cryptography to provide secure communications. 

Trusteer fraud prevention manager Etay Maor said I2P is a “true Darknet” that offers better protection than Tor, and explained how the added security layer makes it more difficult to research and understand the malware's infrastructure and capabilities.

“While the malware offers different HTML injection capabilities [targeting poker sites and grabbing email], it will also soon offer a virtual network computing (VNC) module just like all other major malware families,” Maor said, using trojan variants such as Zeus, Citadel and SpyEye as examples.

“Once a VNC-capable malware infects a device, the attacker's options are almost limitless.”

However, Maor said he still thinks it is only a matter of time before the I2P encryption is broken – similar to how the FBI made a big arrest on Tor in August by exploiting a Firefox vulnerability – and added that the attackers using i2Ninja likely understand this, as well.

It is unclear just how much of a threat i2Ninja represents right now, Maor said, but the malware seems to be in high demand.

“The cyber criminal offering the malware in the underground indicated he has enough business due to the malware's underground publicity and indicated he cannot handle more requests to buy the malware,” Maor said. “The cyber criminal who posted the information regarding i2Ninja is a known and credible forum member.”

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition