'Hand of Thief' Linux trojan steals Internet banking information

Shawn Knight

Shawn Knight

Posts: 15,291   +192
Staff member

One of the benefits of using an obscure operating system like Linux is that, well, nobody uses it. That means you don’t really have to deal with all of the virus and malware associated with Windows and to a lesser extent, OS X.

Those times, however, may be changing as a new Linux trojan has been discovered in the wild. According to the RSA (the security division of EMC), a Russian-based cybercrime team has unleashed a banking trojan known as the Hand of Thief.

trojan linux

The trojan is said to be no different than what you’d find on a Windows machine. At its core, it consists of a “form grabber” designed to steal the login credentials of those using Internet banking. Specifically, the trojan captures the username and password in addition to the timestamp of when you logged in, the URL of the site you logged in to and perhaps even your web browser’s cookies.

The collection of data is then sent to a command-and-control server at which time your information will likely be sold to the highest bidder. From there, a crook would begin to rack up charges on your behalf either until the account is drained or you notice the suspicious behavior.

The trojan is said to work on 15 different Linux distributions including popular choices like Ubuntu, Fedora and Debian. It attacks the most common web browsers such as Firefox, Chrome, Aurora and Ice Weasel. The good news at this point is that there isn’t really a solid delivery mechanism for the package. The trojan’s “sales agent” suggests using e-mail and social engineering as methods of infection.

Permalink to story.

https://www.techspot.com/news/53579-hand-of-thief-linux-trojan-steals-internet-banking-information.html

 
A brave little trojan that would, if only he could. No means to get into your system? That really nullifies the whole scare factor, doesn't it. I mean, you can just run some unknown program, giving it superuser privileges, and it wipes your hard drive. A real threat is something that can creep in without user's participation, and if this one can't, then, well... I'm not scared, sorry. And I won't even read the name of the company that tries to get a bit of advertisement with this "discovery" of theirs. As my captcha for this post says: "stop wasting time" :)
 
Guest said:
A brave little trojan that would, if only he could. No means to get into your system? That really nullifies the whole scare factor, doesn't it. I mean, you can just run some unknown program, giving it superuser privileges, and it wipes your hard drive. A real threat is something that can creep in without user's participation, and if this one can't, then, well... I'm not scared, sorry. And I won't even read the name of the company that tries to get a bit of advertisement with this "discovery" of theirs. As my captcha for this post says: "stop wasting time" :)
Click to expand...
Every piece of malware needs some degree of user interaction to infect a system(s)... You're not going to get an infection by just plugging into the Internet.

Unless you're plugging into a local network that has a worm on other computers on the network, but even then, user interaction would've been necessary in the first place.
 
Guest said:
A brave little trojan that would, if only he could. No means to get into your system? That really nullifies the whole scare factor, doesn't it. I mean, you can just run some unknown program, giving it superuser privileges, and it wipes your hard drive. A real threat is something that can creep in without user's participation, and if this one can't, then, well... I'm not scared, sorry. And I won't even read the name of the company that tries to get a bit of advertisement with this "discovery" of theirs. As my captcha for this post says: "stop wasting time" :)
Click to expand...

Most likely the thief had access to these systems, or used one of the many known exploits to gain root and install the malware and let it do it's thing. You forget the people factor, not to mention some are very stupid and no seat of power will ever change that. Look at George Bush he was the president and God he was dumb. The real threat here was either mal-intent or stupidity, both equally dangerous, this was simply the tool that got the job done.
 
" Look at George Bush he was the president and God he was dumb" - you managed to work that into a comment about a Linux trojan. Well played /sarcasm
 
Per Hansson said:
RH00D said:
Every piece of malware needs some degree of user interaction to infect a system(s)... You're not going to get an infection by just plugging into the Internet.
Click to expand...
Have you never heard about an operating system called Windows?
https://isc.sans.edu/survivaltime.html
Click to expand...
You do realize that the list and the entire site shows Unix and Applications which means various OSes, so pointing out Windows does nothing to change the fact that it will affect all OSes. Yea, it happens with Windows if not patches just like it will happen to every other OS if not patched as always Windows is most popular so you will see it more often on those lists.
 
Camikazi my point was that no user interaction is required to be infected, unlike what RH00D said. Just for some fun you can change the graph to show only Unix system, the survival time is much much longer.
Of course anyone connecting an unpatched system directly to the Internet deserves to be infected with all sorts of malware.
 
The one virus I know that can infect your system without your say so really, is one that disguises itself as a antivirus system and then it just by itself begins to scan your system. You don't even have to click anything. it just does it. Then it blocks your access to Control Panel and the Computer Management Console. I've seen this twice. Its nasty. But can be stopped! Always have your Administrator account set up just in case that happens!
 
Everything in life, including OS's has its pros and cons. No OS is invulnerable to malware, especially if a user installs it do to social engineering or ignorance. The key is to have layers of protection, patch/update OS and apps, firewall, malware scanner, user education, etc.
 
Shawn Knight said:
One of the benefits of using an obscure operating system like Linux is that, well, nobody uses it. That means you don’t really have to deal with all of the virus and malware associated with Windows and to a lesser extent, OS X.
Click to expand...
That's what I've been saying all along, but the lousy Linux zealots scoff at this statement and ridiculously claim that Linux is "inherently secure" than Windows. One Linux zealot even said that Linux is "*****-proof" which means that it is impossible for Linux to get compromised even if a careless user give permission to a virus. Of course, this latest incident proves that Linux zealots' claims are all BS. And they are the reasons why I eschewed Linux in the first place.
 
The solution is obvious, switch to Linux or OSX - this sort of problem only affects Windows.
 

Guest said:
The solution is obvious, switch to Linux or OSX - this sort of problem only affects Windows.
Click to expand...
Please tell me you are being sarcastic.
 
You must log in or register to reply here.

Similar threads

A
Thief: The Dark Project gets a new, fan-made expansion
Replies
4
Views
286
Neatfeatguy
N
D
Linux market share on desktop computers reaches an all-time high
2
Replies
42
Views
611
Guillermo Belli
G
Shawn Knight
Mar10 Day deals and steals: Save on Nintendo games featuring Mario and friends
Replies
1
Views
127
ScottSoapbox
S

Latest posts

Back