A spokesperson for the minds behind the Citadel Trojan said recently on an underground forum that the malware would no longer be publicly available, according to RSA.
According to
RSA’s FraudAction Research Labs, a spokesperson for the creators of the Citadel Trojan declared on an underground forum after the recent release of the Trojan’s latest version (v1.3.4.5) that the software would no longer be publicly available and only existing customers would be able to receive upgrades.
Others who wish to purchase a new kit would have to get an existing customer to vouch for them. It remains to be seen if the developers will actually pull it off digital shelves, a spokesperson for EMC’s RSA security division told eWEEK July 2.
"While this could be a marketing stunt designed to create urgency and generate more sales, Citadel’s developers could also be seeing the need to slow down sales," RSA blog post reads.
“By selling less, they can keep the Trojan from being all too widely spread, which will invariably lead to more sampling and research and cause them the need to rework its evasion mechanisms. Additionally, more customers also means more support, more underground buzz, and eventually—as with Zeus, SpyEye, and Carberp—more cyber-crime arrests linked with using Citadel.”
Citadel is built on the source code of the notorious Zeus Trojan typically linked to the theft of banking credentials and fraud. In May, the Internet Crime Complaint Center (IC3), a multi-agency task force consisting of the FBI, the National White Collar Crime Center (NW3C) and the Bureau of Justice Assistance, warned that the Citadel platform was being used to deliver ransomware known as Reveton.
Today, Citadel is the most advanced crimeware tool money can buy, RSA said. Sold for $2,500, attackers can also purchase plug-ins for an average of $1,000 each.
"Malware developers working on criminal-popular projects like Citadel rightfully fear law enforcement. Their actions of developing, supporting and selling advanced crimeware makes them an accessory to the crimes which can easily get them indicted alongside their botmaster customers. The more popular the banking Trojan becomes, the more banks and merchants push to have its developers and bot masters behind bars."
"Looking to the surrounding cybercrime arena, history proves that malware coders know when to leave the room. To date, developers of popular Trojans like Zeus’ Slavik, SpyEye’s Gribodemon, and Ice IX’s GSS have never been arrested and we are seeing the Citadel’s team already taking measures to go deeper underground for their own safety."