'Hand of Thief' Linux trojan steals Internet banking information

By on

One of the benefits of using an obscure operating system like Linux is that, well, nobody uses it. That means you don’t really have to deal with all of the virus and malware associated with Windows and to a lesser extent, OS X.

Those times, however, may be changing as a new Linux trojan has been discovered in the wild. According to the RSA (the security division of EMC), a Russian-based cybercrime team has unleashed a banking trojan known as the Hand of Thief.

The trojan is said to be no different than what you’d find on a Windows machine. At its core, it consists of a “form grabber” designed to steal the login credentials of those using Internet banking. Specifically, the trojan captures the username and password in addition to the timestamp of when you logged in, the URL of the site you logged in to and perhaps even your web browser’s cookies.

The collection of data is then sent to a command-and-control server at which time your information will likely be sold to the highest bidder. From there, a crook would begin to rack up charges on your behalf either until the account is drained or you notice the suspicious behavior.

The trojan is said to work on 15 different Linux distributions including popular choices like Ubuntu, Fedora and Debian. It attacks the most common web browsers such as Firefox, Chrome, Aurora and Ice Weasel. The good news at this point is that there isn’t really a solid delivery mechanism for the package. The trojan’s “sales agent” suggests using e-mail and social engineering as methods of infection.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.