'Hand of Thief' Banking Trojan Targets Linux
Still in development, the malware aims to allow criminals to steal funds from the bank accounts of Linux users and comes with anti-security features.Cyber-criminals developing malicious software commonly target the Windows operating system, only occasionally aim for Apple's Mac OS X, and very rarely look to compromise desktop systems running Linux. Yet one developer is doing just that, according to an analysis published by security firm RSA on Sept. 3. The "Hand of Thief" Trojan aims to allow cyber-criminals to compromise more than a dozen different flavors of Linux and grab information from the systems. However, the nascent banking Trojan still is rife with issues and does not have all the necessary features to be an effective attack tool, Yotam Gottesman, senior security researcher with RSA's FraudAction Research Labs, told eWEEK. "It is a work in progress," he said. "It's very early on in the development process." Hand of Thief is a departure for attackers: While cyber-criminals have targeted Linux-based Web servers–especially those running open-source content management systems such as Wordpress, Drupal or Joomla–they typically have not created programs to focus on desktop Linux systems.
In early August, RSA described the Hand of Thief Trojan based on claims by the developer that it would run on 15 different desktop Linux distributions and run under eight different windowing environments. Since then, the company has obtained binaries for specific environments and the source code for the command-and-control software. In its analysis released this week, the company concludes that the Trojan is far from ready for distribution. It only runs, for example, on 32-bit Linux distributions and relies on hard-coded configurations to tailor its targeting.