The Hand of Thief Linux banking Trojan being sold to criminals for $2000

Clenched handThe vast majority of malware is created for the Windows platform.

Yes, we do see money-making malicious software for Android and Mac OS X and users of those platforms should protect themselves, but mostly it’s Microsoft Windows in the firing line.

But that’s not to say that fans of other operating systems can be lax about their security, and a recent discovery by researchers at RSA underlines that.

Limor Kessem posted a blog yesterday about a new banking Trojan for the open-source Linux operating system called “Hand of Thief”.

And “Hand of Thief” is a substantial piece of work for Linux malware, compromising form grabbers for HTTP and HTTPS sessions running on a variety of browsers, blocking infected computers’ access to anti-virus websites and security patches, and virtual machine detection to make it harder for anti-virus researchers to reverse engineer its code.

In addition, “Hand of Thief” incorporates an admin panel, allowing a criminal to control the remote computers he has successfully hijacked around the world.

Hand of Thief Linux malware

Apparently the trojan has been tested on 15 different flavours of Linux including Ubuntu, Fedora, and Debian.

According to Kessem, the malware is currently being offered for sale, with free updates, in underground internet forums for $2,000 USD, but is anticipated to rise to $3,000 (with a $550 fee for major version updates) as new features are introduced in the near future.

That’s quite a high cost for a piece of malware, but small compared to the potential money that could be made by successfully compromising and infecting unprotected Linux computers.

All in all, it’s yet another reason why Linux users shouldn’t be complacent about their computer security, and run an anti-virus program.

What’s that? Your anti-virus vendor stopped supporting Linux?

You can read more about “Hand of Thief” on the RSA blog.

Tags: , , ,


, , ,

One Response

  1. Cody 189 August 25, 2013 at 4:56 am #

    "All in all, it’s yet another reason why Linux users shouldn’t be complacent about their computer security, and run an anti-virus program."

    In fact: no one should be – not even Unix and/or Linux geeks. There is no such thing as a completely secure computer (not even one that is turned off and not even one that is locked up; locksmithing anyone?). True there's less malware but need I remind anyone of Robert Tappan Morris' worm ? That's one of the most famous ones for obvious reasons but it's not the only one by any means.

Leave a Reply

XSLT by CarLake