Trojan targets Linux desktop users, steals web banking info



Malware certainly exists for Linux, but it's more frequently targeted at servers than everyday PCs. Unfortunately, regular users now have more reason to worry: a rare instance of a Linux desktop trojan, Hand of Thief, has surfaced in the wild. The code swipes banking logins and other web sign-in details, creates a backdoor and prevents access to both antivirus tools and virtual machines. It's known to work with common browsers like Chrome and Firefox as well as 15 Linux distributions, including Debian, Fedora and Ubuntu. Thankfully, Hand of Thief is partly neutered by its limited attack methods; it relies on social engineering to fool victims into installing the software themselves. Even so, the trojan is a reminder that we shouldn't be complacent about security, regardless of which platform we use.

 

 

http://www.engadget.com/2013/08/09/trojan-targets-linux-desktop-users/


Thankfully, Hand of Thief is partly neutered by its limited attack methods; it relies on social engineering to fool victims into installing the software themselves

 

Nothing can save the foolish.


Eh it's nothing unique.. if you can trick somebody into doing something stupid, they're boned regardless what OS they're running, nothing is bulletproof. Just going to see more of this if Linux's desktop numbers go up.


Anyone running Linux isn't your average user, so they should be smart enough not to install this.

Not necessarily.. I set my neighbor up with an XFCE desktop specifically because he kept falling for malware designed to trick people.. simple ones like the "you need to install this codec to view the video" gag for example. Sooner or later there's going to be more people using it on the desktop (more users, more malware), and with the internals of Linux being less familiar to the majority of people it'll probably be even easier. "Just double-click this .deb" or "install my PPA" and such. "Run this script to unlock free games on Steam." Don't worry about the sudo password, it's just like telling UAC it's ok, we promise it's safe. Presto, malware.

Glad to see this!

I have tried running Windows malware using wine for over 15 years now with precious little success.   Now it seems that I can not feel so left out.  >.>

On the serious side, trojans have existed for a while, from tricking a friend to run a bash script with an rm -rf / in it to something more sophisticated like this.   Tricking people into running malicious code using deception and social engineering is not new.


Eh it's nothing unique.. if you can trick somebody into doing something stupid, they're boned regardless what OS they're running, nothing is bulletproof. Just going to see more of this if Linux's desktop numbers go up.

Try telling that to Mac users, who mostly think they're immune to viruses.


^ Unbelievable! Mark is back in the house. And the world rejoices! Welcome back, my great friend!! :punk:

Hahaha!   Three Four posts since 2010.  I'm hardly burning up the servers. :shiftyninja:


Regardless of OS, user coercion is pretty much the only way of getting malware onto a PC nowadays.


^ Unbelievable! Mark is back in the house. And the world rejoices! Welcome back, my great friend!! :punk:

 

Indeed! So on topic,  we need some more info. Does it install as a root user or standard? Will it affect all users in a multi user system? What can we do to block it from accessing private data aside from not installing the software? Etc. This just comes across as "hey linux users, you're unsafe too!"


Indeed! So on topic,  we need some more info. Does it install as a root user or standard? Will it affect all users in a multi user system? What can we do to block it from accessing private data aside from not installing the software? Etc. This just comes across as "hey linux users, you're unsafe too!"

 

more info about it here

 

https://blogs.rsa.com/thieves-reaching-for-linux-hand-of-thief-trojan-targets-linux-inth3wild/


Indeed! So on topic,  we need some more info. Does it install as a root user or standard? Will it affect all users in a multi user system? What can we do to block it from accessing private data aside from not installing the software? Etc. This just comes across as "hey linux users, you're unsafe too!"

SJVN posted a blog article here: http://www.zdnet.com/linux-desktop-trojan-hand-of-thief-steals-in-7000019175/ that explains more.  It sounds from the description that since it must be installed, it has to have root permissions from the user to do so.


People running linux usually aren't your average user, so they should be smart enough not to install this.

 

More and more people are turning "mum and dad's old PC" into Ubuntu machines (or similar)...


This topic is now closed to further replies.