'Hand of Thief' Linux trojan steals Internet banking information

By on August 9, 2013, 6:00 PM

One of the benefits of using an obscure operating system like Linux is that, well, nobody uses it. That means you don’t really have to deal with all of the virus and malware associated with Windows and to a lesser extent, OS X.

Those times, however, may be changing as a new Linux trojan has been discovered in the wild. According to the RSA (the security division of EMC), a Russian-based cybercrime team has unleashed a banking trojan known as the Hand of Thief.

The trojan is said to be no different than what you’d find on a Windows machine. At its core, it consists of a “form grabber” designed to steal the login credentials of those using Internet banking. Specifically, the trojan captures the username and password in addition to the timestamp of when you logged in, the URL of the site you logged in to and perhaps even your web browser’s cookies.

The collection of data is then sent to a command-and-control server at which time your information will likely be sold to the highest bidder. From there, a crook would begin to rack up charges on your behalf either until the account is drained or you notice the suspicious behavior.

The trojan is said to work on 15 different Linux distributions including popular choices like Ubuntu, Fedora and Debian. It attacks the most common web browsers such as Firefox, Chrome, Aurora and Ice Weasel. The good news at this point is that there isn’t really a solid delivery mechanism for the package. The trojan’s “sales agent” suggests using e-mail and social engineering as methods of infection.




User Comments: 15

Got something to say? Post a comment
Guest said:

A brave little trojan that would, if only he could. No means to get into your system? That really nullifies the whole scare factor, doesn't it. I mean, you can just run some unknown program, giving it superuser privileges, and it wipes your hard drive. A real threat is something that can creep in without user's participation, and if this one can't, then, well... I'm not scared, sorry. And I won't even read the name of the company that tries to get a bit of advertisement with this "discovery" of theirs. As my captcha for this post says: "stop wasting time" :)

RH00D RH00D said:

A brave little trojan that would, if only he could. No means to get into your system? That really nullifies the whole scare factor, doesn't it. I mean, you can just run some unknown program, giving it superuser privileges, and it wipes your hard drive. A real threat is something that can creep in without user's participation, and if this one can't, then, well... I'm not scared, sorry. And I won't even read the name of the company that tries to get a bit of advertisement with this "discovery" of theirs. As my captcha for this post says: "stop wasting time"

Every piece of malware needs some degree of user interaction to infect a system(s)... You're not going to get an infection by just plugging into the Internet.

Unless you're plugging into a local network that has a worm on other computers on the network, but even then, user interaction would've been necessary in the first place.

Endafy Endafy said:

A brave little trojan that would, if only he could. No means to get into your system? That really nullifies the whole scare factor, doesn't it. I mean, you can just run some unknown program, giving it superuser privileges, and it wipes your hard drive. A real threat is something that can creep in without user's participation, and if this one can't, then, well... I'm not scared, sorry. And I won't even read the name of the company that tries to get a bit of advertisement with this "discovery" of theirs. As my captcha for this post says: "stop wasting time" :)

Most likely the thief had access to these systems, or used one of the many known exploits to gain root and install the malware and let it do it's thing. You forget the people factor, not to mention some are very stupid and no seat of power will ever change that. Look at George Bush he was the president and God he was dumb. The real threat here was either mal-intent or stupidity, both equally dangerous, this was simply the tool that got the job done.

1 person liked this |
Staff
Per Hansson Per Hansson, TS Server Guru, said:

Every piece of malware needs some degree of user interaction to infect a system(s)... You're not going to get an infection by just plugging into the Internet.

Have you never heard about an operating system called Windows?

https://isc.sans.edu/survivaltime.html

Guest said:

"obscure"

Yeah, totally.

Guest said:

The only user interaction need is someone pressing the power on

Guest said:

" Look at George Bush he was the president and God he was dumb" - you managed to work that into a comment about a Linux trojan. Well played /sarcasm

likedamaster said:

The troubles that come with a growing OS. Just the beginning.

Camikazi said:

Every piece of malware needs some degree of user interaction to infect a system(s)... You're not going to get an infection by just plugging into the Internet.

Have you never heard about an operating system called Windows?

https://isc.sans.edu/survivaltime.html

You do realize that the list and the entire site shows Unix and Applications which means various OSes, so pointing out Windows does nothing to change the fact that it will affect all OSes. Yea, it happens with Windows if not patches just like it will happen to every other OS if not patched as always Windows is most popular so you will see it more often on those lists.

Staff
Per Hansson Per Hansson, TS Server Guru, said:

@Camikazi my point was that no user interaction is required to be infected, unlike what @RH00D said. Just for some fun you can change the graph to show only Unix system, the survival time is much much longer.

Of course anyone connecting an unpatched system directly to the Internet deserves to be infected with all sorts of malware.

RenGood08 RenGood08 said:

The one virus I know that can infect your system without your say so really, is one that disguises itself as a antivirus system and then it just by itself begins to scan your system. You don't even have to click anything. it just does it. Then it blocks your access to Control Panel and the Computer Management Console. I've seen this twice. Its nasty. But can be stopped! Always have your Administrator account set up just in case that happens!

Guest said:

Everything in life, including OS's has its pros and cons. No OS is invulnerable to malware, especially if a user installs it do to social engineering or ignorance. The key is to have layers of protection, patch/update OS and apps, firewall, malware scanner, user education, etc.

Guest said:

One of the benefits of using an obscure operating system like Linux is that, well, nobody uses it. That means you don't really have to deal with all of the virus and malware associated with Windows and to a lesser extent, OS X.

That's what I've been saying all along, but the lousy Linux zealots scoff at this statement and ridiculously claim that Linux is "inherently secure" than Windows. One Linux zealot even said that Linux is "*****-proof" which means that it is impossible for Linux to get compromised even if a careless user give permission to a virus. Of course, this latest incident proves that Linux zealots' claims are all BS. And they are the reasons why I eschewed Linux in the first place.

Guest said:

The solution is obvious, switch to Linux or OSX - this sort of problem only affects Windows.

Guest said:

The solution is obvious, switch to Linux or OSX - this sort of problem only affects Windows.

Please tell me you are being sarcastic.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.