Thieves Reaching for Linux—”Hand of Thief” Trojan Targets Linux

Just two weeks after reporting about the commercialization of the KINS banking Trojan, RSA reveals yet another weapon to be used in a cybercriminal’s arsenal.

It appears that a Russia based cybercrime team has set its sights on offering a new banking Trojan targeting the Linux operating system. This appears to be a commercial operation, which includes support/sales agents and software developer(s).

MEET THE “HAND OF THIEF” TROJAN

Hand of Thief is a Trojan designed to steal information from machines running the Linux OS. This malware is currently offered for sale in closed cybercrime communities for $2,000 USD (€1,500 EUR) with free updates. The current functionality includes form grabbers and backdoor capabilities, however, it’s expected that the Trojan will have a new suite of web injections and graduate to become full-blown banking malware in the very near future. At that point, the price is expected to rise to $3,000 USD (€2,250 EUR), plus a hefty $550 per major version release. These prices coincide with those quoted by developers who released similar malware for the Windows OS, which would make Hand of Thief relatively priced way above market value considering the relatively small user base of Linux.

The Trojan’s developer claims it has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora, and Debian. As for desktop environments, the malware supports 8 different environments, including Gnome and KDE.

Read more about Hand of Thief here