'Hand of Thief' Trojan Hits Linux, Steals Passwords and Other Sensitive Information

Linux users have long been able to claim that their platform of choice is about as safe as an OS can get, but that claim is getting a little harder to defend thanks to the recent discovery of the 'Hand of Thief' trojan - it's a bad one, so listen up.

Hand of Thief's goal is to lead you to financial ruin by stealing sensitive information that you input into forms on supported Web browsers (Firefox and Chrome lead the pack here), such as those that you will use on banking websites. Hand of Thief's developers aren't going to be the ones milking your bank account dry, however. Instead, they're going to be selling licenses of the trojan to those who will. Current pricing is $2,000 with free updates, but that's soon to go up to $3,000. That sounds like a high price, until you realize that it could pay for itself instantly if someone with a packed bank account is targeted.

The discovery of this trojan was made by EMC's security division RSA. While malware isn't exactly uncommon on Linux, it is uncommon on the Linux desktop - it all boils down to market share; where are you going to aim if you're a malware writer? The trojan's developers note that the software runs on 15 different Linux distros and 8 different desktop environments. While the Linux desktop userbase is small, it can be assumed that the vast majority of it is running a combination that's supported by this trojan.

Some might be led to believe that this trojan is just a myth, the result of someone wanting to spread FUD, but ZDNET's Steven J. Vaughan-Nichols claims that someone had tried to trick him into installing it. And that's the key thing here: this isn't a trojan that travels across networks, installing itself on each machine it hits. Social engineering is the primary means of infection. If you're a member of Linux communities on social networks, you'll especially want to be careful. As always, be wary of links you're passed, even if they're from trusted friends. There's never any certainty that those friends actually sent them.

It goes without saying that Hand of Thief is a doozy, especially given that we're talking about Linux here. If you get infected and hope to remove it, you'll be in for a bit of a challenge: the trojan alters memory addresses to make sure that you'll be unable to visit antivirus sites. It's not clear whether you'd still be able to install protection through a repository, but given the complexity of the trojan, I'd be willing to bet that the creators thought that one through.

dnw1962 one year ago

So considering all the information that seems to be known about this, it begs the question: who are the creators of this clearly malicious software, and what, if anything, is being done to stop their activities? Certainly if anyone was successful in using this software the creators would be complicit in the crime. I am not a lawyer, but certainly it seems to me that creating a tool that is only designed for the purpose of a criminal act should in itself be a crime. In today's world of everything being so very connected I am surprised how little I hear about these types of criminals being caught and punished. Probably it is silly to think some developing nation is going to go after its citizens for attempting to steal from some richer individual in another country though.

RWilliams one year ago

I'm led to believe that these people are as anonymous as anonymous gets, so it might be hard to track them down (although governments have hunted down anonymous people before, so I dunno). What I'm curious about is how they get their payments, and it's kind of funny those people who shell over the $2 or $3K for the software... you're not dealing with an actual company here, but rather some anonymous being through the Web. It's a very strange thing.
