The Hand of Thief Linux banking Trojan being sold to criminals for $2000

The vast majority of malware is created for the Windows platform.

Yes, we do see money-making malicious software for Android and Mac OS X and users of those platforms should protect themselves, but mostly it’s Microsoft Windows in the firing line.

But that’s not to say that fans of other operating systems can be lax about their security, and a recent discovery by researchers at RSA underlines that.

Limor Kessem posted a blog yesterday about a new banking Trojan for the open-source Linux operating system called “Hand of Thief”.

And “Hand of Thief” is a substantial piece of work for Linux malware, comprising form grabbers for HTTP and HTTPS sessions running on a variety of browsers, the blocking of infected computers’ access to anti-virus websites and security patches, and virtual machine detection to make it harder for anti-virus researchers to reverse engineer its code.

In addition, “Hand of Thief” incorporates an admin panel, allowing a criminal to control the remote computers he has successfully hijacked around the world.

Apparently the trojan has been tested on 15 different flavours of Linux including Ubuntu, Fedora, and Debian.

According to Kessem, the malware is currently being offered for sale, with free updates, in underground internet forums for $2,000 USD, but the price is anticipated to rise to $3,000 (with a $550 fee for major version updates) as new features are introduced in the near future.

That’s quite a high cost for a piece of malware, but small compared to the potential money that could be made by successfully compromising and infecting unprotected Linux computers.

All in all, it’s yet another reason why Linux users shouldn’t be complacent about their computer security, and run an anti-virus program.

What’s that? Your anti-virus vendor stopped supporting Linux?

You can read more about “Hand of Thief” on the RSA blog.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

One comment on “The Hand of Thief Linux banking Trojan being sold to criminals for $2000”

  1. Cody

    "All in all, it’s yet another reason why Linux users shouldn’t be complacent about their computer security, and run an anti-virus program."

    In fact: no one should be – not even Unix and/or Linux geeks. There is no such thing as a completely secure computer (not even one that is turned off and not even one that is locked up; locksmithing anyone?). True there's less malware but need I remind anyone of Robert Tappan Morris' worm? That's one of the most famous ones for obvious reasons but it's not the only one by any means.
