Introducing – The Hand of Thief

A team of Russian hackers has set its sights on Linux and plans to make a lot of money from it. Meet 'Hand of Thief', a Trojan aimed directly at your bank account.
This is not the first Trojan from this group: only a few weeks ago there were reports of a new Trojan attacking online banking customers on Windows. This time the group has set a new goal, a Trojan designed to attack Linux operating systems.

This appears to be a commercially developed project, complete with support and sales agents who market the malware on the black market.

Hand of Thief is a Trojan built to steal information from users of Linux operating systems. It is currently offered for sale in underground online communities for about $2,000, free updates included.
The Trojan is expected to gain a web-injection suite (code injection into the browser's pages, the feature that turns a form grabber into first-class banking malware). When that happens, the price is expected to rise to about $3,000, plus $550 for every update. These prices are in line with comparable malware for Windows, which makes Hand of Thief relatively expensive for what the market will bear, especially considering the small share of users running Linux.

The authors claim that the Trojan has been tested on 15 different Linux distributions, including Ubuntu, Fedora and Debian, and that it supports eight desktop environments, including GNOME and KDE. The Trojan's back end collects username and password combinations and stores them in a MySQL database. The stolen data includes a timestamp, installed software versions, visited sites and HTTP POST data. Hand of Thief can also steal session cookies, which criminals often use to hijack live sessions between the bank and the customer.

The Trojan's primary features include:
–    Form grabbing: theft of data submitted in HTTP and HTTPS forms.
–    Support for Firefox and Google Chrome as well as other Linux browsers such as Chromium, Aurora and Iceweasel.
–    A block list that prevents access to predefined URLs (the same method the Citadel Trojan uses to cut infected machines off from security updates and antivirus servers).
–    Remote access features: backdoor, backconnect and a SOCKS5 proxy.
–    Anti-analysis measures that stop it from running in research labs: anti-VM, anti-sandbox and anti-sniffer checks.
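The anti-VM item in that last bullet is the one a defender can readily reproduce. What follows is an added example, not Hand of Thief's code (the article does not show how the Trojan implements its checks), of the generic Linux VM fingerprinting that such a toolbox relies on: the `hypervisor` CPU flag in /proc/cpuinfo, hypervisor vendor strings in the DMI tables under /sys/class/dmi/id, and guest-tools kernel modules in /proc/modules. All marker strings and sample inputs below are constructed for illustration; none are recovered from the Trojan. Run in reverse, the same checks show what a malware sandbox has to hide if it wants a sample like this one to execute.

```python
"""Generic Linux VM/sandbox fingerprinting of the kind anti-VM malware uses.

Added example, not Hand of Thief's own code.  The indicator strings are
well-known hypervisor and guest-tools markers, not anything taken from the
Trojan.  Sample inputs at the bottom are constructed for the demo.
"""
import os
import re

# Vendor strings that commonly appear in the DMI tables of guest VMs.
DMI_MARKERS = ("vmware", "virtualbox", "innotek", "qemu", "kvm",
               "xen", "bochs", "parallels")
# Guest-additions / paravirtual driver modules a bare-metal host would not load.
MODULE_MARKERS = ("vboxguest", "vboxsf", "vmw_balloon", "vmwgfx",
                  "virtio_pci", "xen_blkfront", "hv_vmbus")


def check_cpuinfo(text):
    """True if the CPUID 'hypervisor' bit shows up on any flags line.

    Note the false positive for a defender: every cloud server trips this,
    which is why anti-VM code usually combines it with the other checks.
    """
    for line in text.splitlines():
        if line.startswith("flags") and re.search(r"\bhypervisor\b", line):
            return True
    return False


def check_dmi(fields):
    """fields: DMI field name -> file contents (as read from /sys/class/dmi/id).

    Returns the 'name=value' pairs that match a hypervisor vendor string.
    """
    hits = []
    for name, value in fields.items():
        low = value.lower()
        if any(marker in low for marker in DMI_MARKERS):
            hits.append(f"{name}={value.strip()}")
    return hits


def check_modules(text):
    """text: contents of /proc/modules.  Returns guest-tools modules found."""
    loaded = {line.split()[0] for line in text.splitlines() if line.strip()}
    return sorted(loaded & set(MODULE_MARKERS))


def fingerprint(cpuinfo, dmi, modules):
    """Combine the three checks into a verdict plus the indicators behind it."""
    indicators = []
    if check_cpuinfo(cpuinfo):
        indicators.append("cpuinfo:hypervisor flag")
    indicators += ["dmi:" + hit for hit in check_dmi(dmi)]
    indicators += ["module:" + mod for mod in check_modules(modules)]
    return {"is_vm": bool(indicators), "indicators": indicators}


def read_live_system():
    """Run the checks against the real files on this host (Linux only)."""
    def slurp(path):
        try:
            with open(path) as fh:
                return fh.read()
        except OSError:          # file absent or unreadable: treat as empty
            return ""
    dmi_dir = "/sys/class/dmi/id"
    dmi = {name: slurp(os.path.join(dmi_dir, name))
           for name in ("sys_vendor", "product_name", "board_vendor", "bios_vendor")}
    return fingerprint(slurp("/proc/cpuinfo"), dmi, slurp("/proc/modules"))


# Constructed sample inputs: one VirtualBox guest, one bare-metal laptop.
SAMPLE_VM_CPUINFO = ("processor\t: 0\n"
                     "flags\t\t: fpu vme de pse tsc msr pae hypervisor lahf_lm\n")
SAMPLE_BARE_CPUINFO = ("processor\t: 0\n"
                       "flags\t\t: fpu vme de pse tsc msr pae lahf_lm\n")
SAMPLE_VM_DMI = {"sys_vendor": "innotek GmbH\n", "product_name": "VirtualBox\n"}
SAMPLE_BARE_DMI = {"sys_vendor": "LENOVO\n", "product_name": "ThinkPad T470\n"}
SAMPLE_VM_MODULES = ("vboxguest 372736 2 vboxsf, Live 0x0000000000000000\n"
                     "vboxsf 77824 1 - Live 0x0000000000000000\n"
                     "ext4 778240 1 - Live 0x0000000000000000\n")
SAMPLE_BARE_MODULES = "ext4 778240 1 - Live 0x0000000000000000\n"

if __name__ == "__main__":
    print("sample VM:   ", fingerprint(SAMPLE_VM_CPUINFO, SAMPLE_VM_DMI, SAMPLE_VM_MODULES))
    print("sample bare: ", fingerprint(SAMPLE_BARE_CPUINFO, SAMPLE_BARE_DMI, SAMPLE_BARE_MODULES))
    print("this host:   ", read_live_system())
```

The DMI strings are the check most analysis labs neglect: a sandbox can hide the CPU flag only with a custom hypervisor, but the vendor and product names under /sys/class/dmi/id can be overridden in the VM configuration, and leaving guest additions unloaded removes the module indicators.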

The developers have also written a basic administration panel for the botnet, which lets the operator query it and issue basic commands to the infected machines.

So what's next? Without a way to distribute the malware as widely as on Windows, the price tag looks too high, and that raises the question: does a Linux Trojan have the same value as a Windows one?
Moreover, given recent advice to abandon supposedly insecure operating systems such as Windows for an allegedly more secure Linux distribution, the question arises whether Hand of Thief is an early sign that Linux is becoming less safe.