'Hand of Thief' Trojan Hits Linux, Steals Passwords and Other Sensitive Information

Linux users have long been able to claim that their platform of choice is about as safe as an OS can get, but that sentiment is getting a little harder to side with thanks to the recent discovery of the 'Hand of Thief' trojan - it's a bad one, so listen up.

Hand of Thief's goal is to lead you to financial ruin by stealing sensitive information that you input into forms on supported Web browsers (Firefox and Chrome lead the pack here), such as those that you will use on banking websites. Hand of Thief's developers aren't going to be the ones milking your bank account dry, however. Instead, they're going to be selling licenses of the trojan to those who will. Current pricing is $2,000 with free updates, but that's soon to go up to $3,000. That sounds like a high price, until you realize that it could pay for itself instantly if someone with a packed bank account is targeted.

The discovery of this trojan was made by EMC's security division RSA. While malware isn't exactly uncommon for Linux, it is when we're talking about the desktop - it all boils down to marketshare; where are you going to go if you're a malware writer? The trojan's developers note that the software runs on 15 different Linux distros and 8 different desktop environments. While the Linux desktop userbase is small, it can be assumed that the vast majority will be running a combination that's supported by this trojan.

Some might be led to believe that this trojan is just a myth, the result of someone wanting to spread FUD, but ZDNET's Steven J. Vaughan-Nichols claims that someone had tried to sucker him in to get it installed. And that's the key thing here: this isn't a trojan that travels across networks, installing itself on each machine it hits. Social engineering is the primary source. If you're a member of Linux communities on social networks, you'll especially want to be careful. As always, be wary of links you're passed, even if they're from trusted friends. There's never any certainty that these friends actually sent them.

It goes without saying that Hand of Thief is a doozy, especially given we're talking about Linux here. If you get infected and hope to remove it, you'll be in for a bit of a challenge: the trojan alters memory addresses to make sure that you'll be unable to visit antivirus sites. It's not clear if you'd still be able to install protection through a repository, but given the complexity of the trojan, I'd be willing to bet that the creators thought that one through.

Tags:  Malware, Linux, virus, trojan, rsa
Show comments blog comments powered by Disqus