2014-02-16 00:48:10 +00:00
|
|
|
=========================
|
|
|
|
|
Malware at i2pbrowser.net
|
|
|
|
|
=========================
|
|
|
|
|
.. meta::
|
|
|
|
|
:date: 2014-02-16
|
|
|
|
|
:excerpt: The site i2pbrowser.net is a fake I2P website mirror serving up malware for Windows.
|
|
|
|
|
|
|
|
|
|
We have recently been made aware of the existence of i2pbrowser.net. This
|
|
|
|
|
website copies our homepage and download page, and attempts to trick users into
|
|
|
|
|
downloading Windows malware.
|
|
|
|
|
|
|
|
|
|
There are several indicators that point to i2pbrowser.net being a malware site:
|
|
|
|
|
|
|
|
|
|
- The domain was registered on February 10th, 2014.
|
|
|
|
|
- The download URLs for Windows, Mac OSX, Linux, Android etc. all link to the
|
|
|
|
|
same .exe file.
|
|
|
|
|
- The .exe is only 741 KB; the official Windows installer for I2P is 13 MB.
|
|
|
|
|
|
|
|
|
|
We have not examined the malware ourselves, but it does not appear to be very
|
|
|
|
|
sophisticated; it is not integrated into or bundled with the I2P software.
|
2014-02-16 00:51:55 +00:00
|
|
|
Information security expert `Lance James`_ posted `a tweet`_ labelling it as
|
|
|
|
|
"a standard dark comet rat".
|
2014-02-16 00:48:10 +00:00
|
|
|
|
|
|
|
|
Spread the word. The only offical download locations for I2P are linked on our
|
|
|
|
|
`download page`_. All I2P download packages are GPG-signed by the
|
|
|
|
|
`release signing key`_.
|
|
|
|
|
|
|
|
|
|
.. _`Lance James`: https://twitter.com/lancejssc
|
|
|
|
|
.. _`a tweet`: https://twitter.com/lancejssc/status/434768667310821377
|
|
|
|
|
.. _`download page`: {{ get_url('downloads_list') }}
|
|
|
|
|
.. _`release signing key`: {{ site_url('get-involved/develop/release-signing-key') }}
|
