Trojan "Hand of Thief" aims to steal banking info from Linux users

Linux users have enjoyed a veritable lack of malware that targets the everyday user for quite a long time, yet those days are very slowly coming to an end, with more trojans and such that target the operating system showing up. One such bit of malicious software is called "Hand of Thief," the brainchild of Russian cyber-criminals designed to nab banking details.

This trojan targets the average Linux desktop, and is currently being sold on the black market for a hefty $2,000 USD. Such a price tag gets the buyer free updates for the software, and enables them to acquire information from Linux machines they infect. For now, the software is limited to opening backdoors and offering form grabbers, but security firm RSA says it is expected the trojan will become a full bank info-stealing bit in the future.

When the software is finished and becomes a full banking malware package, the price will then likely jump to $3,000 USD, with new version updates costing $550 USD. The folks behind the software seem particularly motivated, according to RSA, having set up developers and sales agents, as well as support teams for those who purchase the software, making the trojan a commercial effort.

Just about all average Linux desktop users could be affected by the trojan, with the developers claiming that it has been tested as functional on Gnome and KDE desktop environments (as well as six others), and on 15 Linux distros, among them being such popular offerings as Fedora, Ubuntu, and Debian. As far as features of the trojan goes, RSA says it offers functions common of bank-related trojans.

Some of the features include HTTPS and HTTP form grabbers with support for Chrome, Firefox, Aurora, Ice Weasel, Chromium, and other Linux-only browsers. There's also SOCKS5 proxy, backdoor, and backconnect functionality, an anti-research tool box, and a block list. For now, the development on the trojan continues, and whether it will become a notable issue for Linux users is yet to be seen.

SOURCE: RSA