Criminals offer Linux "Hand of Thief" banking trojan for $2000

Russian crooks develop malware to target open source software.

Cybercrminals in Russia are selling a Trojan via dark web channels that can target bank accounts of Linux users.

According to Limo Kessem, cybercrime and online fraud communications specialist at security vendor RSA, the "Hand of Thief" trojan has limited functionality at the moment, sporting only some backdoor functionality and form grabbers. But she said that it could soon have "a new suite of web injections and graduate to become full-blown banking malware in the very near future."

These prices coincide with those quoted by developers who released similar malware for the Windows OS

The malware is being punted around the criminal community for $2,000 USD (1,289.21) with free updates. But with the enhanced functionality promised soon, the price could easily rise to $3,000 USD (1,933.81), plus a hefty $550 (354.56) per major version release, according to Kessem.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"These prices coincide with those quoted by developers who released similar malware for the Windows OS, which would make Hand of Thief relatively priced way above market value considering the relatively small user base of Linux," she said in a blog post.

Despite the various flavours of Linux that are available, cybercriminal developers have gone to great lengths to ensure compatibility with testing carried out on on 15 different Linux desktop distributions, including Ubuntu, Fedora and Debian. As for desktop environments, the malware supports 8 different environments, including Gnome and KDE.

The trojan collects the stolen credentials and stores the information in a MySQL database. Captured data includes information such as timestamp, user agent, website visited and POST data. Hand of Thief also exhibits cookie-stealing functionality.

Kessem said that writing malware for Linux was "uncommon" given the open source OS's smaller user base when compared to Windows and even OS X. The OS is also updated more frequently compared to others.

"Since Linux is open source, vulnerabilities are patched relatively quickly by the community of users. Backing this up is the fact that there aren't significant exploit packs targeting the platform," she said.

"In fact, in a conversation with the malware's sales agent, he himself suggested using email and social engineering as the infection vector."

Advertisement - Article continues below

She added that without the ability to spread the malware as widely as on the Windows platform, "the price tag seems hefty, and raises the question will the Linux Trojan have the same value as its Windows counterparts?"

"Does Hand of Thief represent the early signs of Linux becoming less secure as cybercrime migrates to the platform?"

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/operating-systems/28025/best-linux-distros-2019-the-finest-open-source-operating-systems-around
operating systems

Best Linux distros 2019

24 Dec 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020