i2Ninja is a Russian malware product that is targeting the online poker industry. It uses the I2P shadow internet to allow peer-to-peer communication and to access users’ privately stored information. The authors even promise help desk support.
InfoSecurity Magazine said: “While some malware offerings have offered an interface with a support team in the past (Citadel and Neosploit to name two), i2Ninja’s 24/7 secure help desk channel is a first.”
According to a post on a Russian cybercrime forum, the software allows buyers to grab information from forms and emails, and includes “PokerGrabber” which works with “the most popular clients – 888poker, Absolute Poker, Cake Poker, Full Tilt Poker, Party Poker, PokerStars, Titan Poker.”
The inclusion of Absolute Poker, which collapsed over two years ago, suggests that the list is out of date.
Kaspersky Lab malware researcher Dmitry Tarakanov told PCWorld.com the malware will likely be distributed via the “usual methods” including “spam emails, drive-by-download attacks launched from websites infected with exploit kits and by direct installation through existing botnets.”
Once the malware is installed on a system, the culprit can access the internet from the infected computer to disguise his true identity and location. Information collected, either online or from the infected computers, is then encrypted and sent back to the malware owner.
I2P is “a networking layer that uses cryptography to allow secure communication between its peer-to-peer users.” It is a means of getting around internet surveillance by the authorities.
The advice, as always, is to ensure that anti-virus and anti-malware programs are up to date, to be alert to any unusual activity on banking, poker and social media accounts, and, whenever possible, to use a dedicated computer exclusively for playing online poker.