Dangerous Linux Trojan could be sign of things to come

RSA expert details "Hand of Thief" banking Trojan

Desktop Linux users accustomed to a relatively malware-free lifestyle should get more vigilant in the near future – a researcher at RSA has detailed the existence of the "Hand of Thief" Trojan, which specifically targets Linux.

According to cyber intelligence expert Limor Kessem, Hand of Thief operates a lot like similar malware that targets Windows machines – once installed, it steals information from web forms, even if they're using HTTPS, creates a backdoor access point into the infected machine, and attempts to block off access to anti-virus update servers, VMs, and other potential methods of detection.

[MORE SECURITY: Chrome's password security insanity can be cured]

Hand of Thief is currently being sold in “closed cybercrime communities” for $2,000, which includes free updates, writes Kessem. However, she adds, the upcoming addition of new web injection attack technology will push the price to $3,000, and introduce a $550 fee for major version updates.

“These prices coincide with those quoted by developers who released similar malware for the Windows OS, which would make Hand of Thief relatively priced way above market value considering the relatively small user base of Linux,” she notes.

Getting Linux computers infected in the first place, however, could be more problematic for would-be thieves – Kessem says the lack of exploits targeting Linux means that social engineering and email are the most likely attack vectors, citing a conversation with Hand of Thief's sales agent.

Kessem also says that growth in the number of desktop Linux users – prompted, in part, by the perceived insecurity of Windows – could potentially herald the arrival of more malware like Hand of Thief, as the number of possible targets grows.

Historically, desktop Linux users have been more or less isolated from the constant malware scares that plague Windows, which is at least partially a function of the fact that their numbers represent a tiny fraction of the Windows install base.

Users of Linux-based Android smartphones, however, have become increasingly tempting targets for computer crime – and with the aforementioned growth in desktop users, the number of threats may increase even further.

Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.

Join the discussion
Be the first to comment on this article. Our Commenting Policies