The Hand of Thief Linux banking Trojan being sold to criminals for $2000


The vast majority of malware is created for the Windows platform.

Yes, we do see money-making malicious software for Android and Mac OS X and users of those platforms should protect themselves, but mostly it’s Microsoft Windows in the firing line.

But that’s not to say that fans of other operating systems can be lax about their security, and a recent discovery by researchers at RSA underlines that.

Limor Kessem posted a blog yesterday about a new banking Trojan for the open-source Linux operating system called “Hand of Thief”.

And “Hand of Thief” is a substantial piece of work for Linux malware, comprising form grabbers for HTTP and HTTPS sessions running on a variety of browsers, blocking of infected computers’ access to anti-virus websites and security patches, and virtual machine detection to make it harder for anti-virus researchers to reverse engineer its code.

In addition, “Hand of Thief” incorporates an admin panel, allowing a criminal to control the remote computers he has successfully hijacked around the world.


Apparently the Trojan has been tested on 15 different flavours of Linux including Ubuntu, Fedora, and Debian.

According to Kessem, the malware is currently being offered for sale, with free updates, in underground internet forums for $2,000 USD, but the price is anticipated to rise to $3,000 (with a $550 fee for major version updates) as new features are introduced in the near future.

That’s quite a high cost for a piece of malware, but small compared to the potential money that could be made by successfully compromising and infecting unprotected Linux computers.

All in all, it’s yet another reason why Linux users shouldn’t be complacent about their computer security, and run an anti-virus program.

What’s that? Your anti-virus vendor stopped supporting Linux?

You can read more about “Hand of Thief” on the RSA blog.


One Response

  1. Cody

    August 25, 2013 at 4:56 am #

    “All in all, it’s yet another reason why Linux users shouldn’t be complacent about their computer security, and run an anti-virus program.”

    In fact: no one should be - not even Unix and/or Linux geeks. There is no such thing as a completely secure computer (not even one that is turned off and not even one that is locked up; locksmithing anyone?). True, there’s less malware but need I remind anyone of Robert Tappan Morris’ worm? That’s one of the most famous ones for obvious reasons but it’s not the only one by any means.
