i2Ninja is malware that has the ability to perform HTML injections and form grabbing in Internet Explorer, Firefox and Chrome. i2Ninja can also steal FTP and e-mail credentials. It also has a feature that targets poker sites. This malware hides communication between infected hosts and the command and control server by transmitting it over the Invisible Internet Project (I2P).
I2P is a peer-to-peer network that communicates through a cryptographic network layer. I2P creates a layer of communication within the Internet to provide secure services and anonymous communication. There are also HTTP proxies so I2P users can browse the Internet anonymously.
i2Ninja was discovered for sale on a Russian forum. The criminal toolkit offers customers a proxy promising them anonymity. The malware’s command and control server also comes with a trouble ticket feature that allows the buyer to communicate with the maker of i2Ninja for tech support over I2P’s encrypted network. Tech support is available 24/7.