“Hand of Thief” banking trojan but it does do Linux


Post by Orbmiser on Wed Aug 07, 2013 6:34 pm

“Hand of Thief” banking trojan doesn’t do Windows—but it does Linux
http://arstechnica.com/security/2013/08/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux/

"Hand of Thief developers said the trojan has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora, and Debian. They also said it supports eight environments, including Gnome and Kde. The malware functions include a form grabber for both HTTP and HTTPS sessions running on Firefox, Google Chrome, and a host of Linux-only browsers. The trojan also blocks infected machines from accessing addresses that offer security updates and antivirus software. It contains defenses to prevent it from running on virtual machines to make it harder to be reverse engineered by white hat hackers and competitors."


Just a matter of time when we too will be stuck running more antivirus apps like Windows? :shock:

Re: “Hand of Thief” banking trojan but it does do Linux

Post by js3915 on Wed Aug 07, 2013 6:42 pm

There will always be security risks / holes found, but usually there are patches to fix those holes too, eventually, both in the kernel and the programs. It will always be a battle... If you keep your system well updated and don't go to risky sites, chances are slim this would affect most people. It still needs to find a way onto your machine, including running to install to the right location, I would think.

Re: “Hand of Thief” banking trojan but it does do Linux

Post by wh7qq on Thu Aug 08, 2013 11:05 pm

Nothing I have read yet indicates how the infection occurs except one reference that suggests that social engineering is used to obtain information. It sounds like a long line of Linux scare stories... FUD?

Using Linux is not a license to go crazy visiting dark or shaky sites online or to download things from places you don't know and trust. Also, if you use the root account routinely for everyday computing, you get what you deserve.

For sure, anyone calling from a legitimate banking institution will not ask for your credit card # or PIN. Just don't be an idiot.

Jack Wallen takes a look at the Hand of Thief trojan

Post by wyrdoak on Tue Aug 20, 2013 1:21 pm

Last edited by xenopeek on Mon Sep 02, 2013 1:39 am, edited 1 time in total.
Reason: Merged here; same subject.

Re: “Hand of Thief” banking trojan but it does do Linux

Post by jdhedden on Sat Aug 24, 2013 1:38 pm

According to this RSA blog post comment by user kempskie:
https://blogs.rsa.com/thieves-reaching-for-linux-hand-of-thief-trojan-targets-linux-inth3wild/#comment-71073
there will be follow-up by the RSA soon.

This has prompted me to at least install rkhunter and give my system an initial check.

Re: “Hand of Thief” banking trojan but it does do Linux

Post by daveinuk on Sat Aug 24, 2013 2:22 pm

How is this deployed? Is it through some sort of email phishing scheme, or how would it get root access to a Linux machine? I am troubled by how many people are still duped by email scams; there should be some sort of common sense lesson given out to some people :roll:

Re: “Hand of Thief” banking trojan but it does do Linux

Post by DrHu on Sat Aug 24, 2013 4:10 pm

A trojan isn't a virus, so it really depends on the user's own ineptitude to function for the thief
--if you are normally careful, and because a bank's SSL 128-bit logon is secure (at least so far), you should not expect this to be a significant problem
    Even so, I would prefer banks to allow long passwords, preferably randomized, such as using Perfect Passwords from Gibson Research or your own random generator..
http://www.datadoctors.com/help/columns ... word-Tips/
--password tips..
  • Use reliable download sources, e.g. the Linux distributor..
  • Harden your system in the way you prefer
    --mandatory access control, rootkit detection, permissions limits, Bastille scripts
    And remembering that most Linux exploits are local, not remote..

Re: “Hand of Thief” banking trojan but it does do Linux

Post by xenopeek on Wed Aug 28, 2013 3:40 pm

Avast! have investigated the trojan in depth: https://blog.avast.com/2013/08/27/linux ... -ungloved/

Re: “Hand of Thief” banking trojan but it does do Linux

Post by Snapcase on Thu Aug 29, 2013 4:46 am

Yes, they did. And they make money selling antivirus software. Sure, they like Linux or any other platform users to be scared and worried about malware, thus wanting protection for their systems. AKA: they make more money.

"it could advance Linux users a step forward in this specific environment. The same threatening environment in which Windows users have existed for years. The statement that the Linux platform is absolutely secure now seems even more illusive."


Can anything else be expected but this conclusion in an article coming from an antivirus seller?

An unbiased independent analysis probably won't conclude this way.

"... now seems even more illusive."

Linux desktop Trojan 'Hand of Thief' steals in

Post by linuxviolin on Sun Sep 01, 2013 11:47 pm

Linux desktop Trojan 'Hand of Thief' steals in (August 8, 2013)

Someone's finally created what appears to be a semi-successful Linux Trojan.

(...)

Their Windows brothers and sisters had to deal with an unending stream of malware; but other than a handful of exploits aimed mostly at Linux servers, there were no real Linux Trojans or viruses. Oh well, all good things must come to an end.

(...)

Its developer claims "it has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora, and Debian. As for desktop environments, the malware supports 8 different environments, including Gnome and KDE." The attack specifically targets common Web browsers Firefox, Google Chrome, as well as several others that are often found on Linux such as Chromium, Aurora, and Ice Weasel.

At this point, some Linux users may start pooh-poohing this as yet another case of virus FUD. It's not. Hand of Thief really is out there. I should know. Someone tried to give a case of it to me earlier today.

(...)

While Linux is still inherently more secure than Windows, it, like any other operating system, is not perfectly secure. Now, more than ever, desktop Linux users need to practice basic security if they're to be safe on the ever more dangerous Internet.


But I'll let you read this article... :)
Last edited by xenopeek on Mon Sep 02, 2013 1:38 am, edited 1 time in total.
Reason: Merged here; same subject.