The malware is expensive considering the size of the Linux user base

Aug 8, 2013 11:32 GMT

RSA security researchers warn that a new banking Trojan is being sold on the underground market by Russian cybercriminals. What’s interesting about this threat, dubbed “Hand of Thief,” is that it’s designed to steal information from computers running Linux.

The Trojan has been tested on 15 different Linux distributions and it supports 8 desktop environments, including the popular GNOME and KDE.

Customers are given a basic administration panel that allows them to control the infected devices. The collected information is stored in a MySQL database.

As for distribution, there are currently no significant exploit packs that target the Linux platform. That’s why the seller recommends the use of email or social engineering as the infection vector.

The malware is currently sold for $2,000 (€1,500) with free updates, but only in closed cybercrime communities.

For the time being, the Trojan has only grabber and backdoor capabilities. However, experts say it will be fitted with a new suite of web injections that will turn it into full-blown banking malware.

Once it becomes mature, the Linux threat will cost around $3,000 (€2,250). In addition, customers will have to pay $550 (€410) for every major update.

Considering that the victim base is small, the price of the threat is fairly high.

“Although Hand of Thief comes to the underground at a time when commercial Trojans are high in demand, writing malware for the Linux OS is uncommon, and for good reason,” RSA cyber intelligence expert Limor Kessem explained.

“In comparison to Windows, Linux’s user base is smaller, considerably reducing the number of potential victims and thereby the potential fraud gains. Secondly, since Linux is open source, vulnerabilities are patched relatively quickly by the community of users.”