“Hand of Thief” banking trojan but it does do Linux

Orbmiser
Level 6
Posts: 1487
Joined: Thu Oct 18, 2012 5:16 pm
Location: Portland,Oregon

“Hand of Thief” banking trojan but it does do Linux

Post by Orbmiser »

“Hand of Thief” banking trojan doesn’t do Windows—but it does Linux
http://arstechnica.com/security/2013/08/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux/
"Hand of Thief developers said the trojan has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora, and Debian. They also said it supports eight environments, including Gnome and Kde. The malware functions include a form grabber for both HTTP and HTTPS sessions running on Firefox, Google Chrome, and a host of Linux-only browsers. The trojan also blocks infected machines from accessing addresses that offer security updates and antivirus software. It contains defenses to prevent it from running on virtual machines to make it harder to be reverse engineered by white hat hackers and competitors."
Just a matter of time when we too will be stuck running more antivirus apps like Windows? :shock:
js3915
Level 3
Posts: 177
Joined: Fri Jul 05, 2013 5:35 pm

Re: “Hand of Thief” banking trojan but it does do Linux

Post by js3915 »

There will always be security risks / holes found, but usually there are patches to fix those holes too, eventually, both in the kernel and the programs. It will always be a battle... If you keep your system well updated and don't go to risky sites, chances are slim this would affect most people. It still needs to find a way onto your machine, including running to install to the right location, I would think.
wh7qq
Level 2
Posts: 87
Joined: Mon Mar 15, 2010 5:43 pm

Re: “Hand of Thief” banking trojan but it does do Linux

Post by wh7qq »

Nothing I have read yet indicates how the infection occurs except one reference that suggests that social engineering is used to obtain information. It sounds like a long line of Linux scare stories... FUD?

Using Linux is not a license to go crazy visiting dark or shaky sites online or to download things from places you don't know and trust. Also, if you use the root account routinely for everyday computing, you get what you deserve.

For sure, anyone calling from a legitimate banking institution will not ask for your credit card # or PIN. Just don't be an idiot.
wyrdoak
Level 6
Posts: 1309
Joined: Thu May 19, 2011 1:32 pm
Location: USA

Jack Wallen takes a look at the Hand of Thief trojan

Post by wyrdoak »

http://www.techrepublic.com/blog/linux-and-open-source/hand-of-thief-malware-could-be-dangerous-if-you-install-it/?ftag=TRE475558a&s_cid=e011&tag=nl.e011&ttag=e011
Last edited by xenopeek on Mon Sep 02, 2013 1:39 am, edited 1 time in total.
Reason: Merged here; same subject.
-Dell Mini Inspiron 910 Netbook-Atom CPU-N270-1.60ghz; 16gbs mini ePCI PATA SSD
15GB RAM- 1gbs-(LinuxMint-19.3: LMDE)
jdhedden
Level 1
Posts: 12
Joined: Tue Jul 02, 2013 3:09 pm

Re: “Hand of Thief” banking trojan but it does do Linux

Post by jdhedden »

According to this RSA blog post comment by user kempskie:
https://blogs.rsa.com/thieves-reaching- ... ment-71073
there will be follow-up by the RSA soon.

This has prompted me to at least install rkhunter and give my system an initial check.
daveinuk
Level 7
Posts: 1555
Joined: Tue Mar 23, 2010 7:52 pm
Location: Manchester, England.

Re: “Hand of Thief” banking trojan but it does do Linux

Post by daveinuk »

How is this deployed? Is it through some sort of email phishing scheme, or how would it get root access to a Linux machine? I am troubled by how many people are still duped by email scams; there should be some sort of common sense lesson given out to some people :roll:
DrHu
Level 17
Posts: 7522
Joined: Wed Jun 17, 2009 8:20 pm

Re: “Hand of Thief” banking trojan but it does do Linux

Post by DrHu »

A trojan isn't a virus, so it really depends on the user's own ineptitude to function for the thief
--if you are normally careful, and because a bank's SSL 128-bit logon is secure (at least so far), you should not expect this to be a significant problem
  • Even so, I would prefer banks to allow long passwords, preferably randomized, such as using perfect passwords from Gibson Research or your own random generator..
http://www.datadoctors.com/help/columns/21830-Perfect-Password-Tips/
--password tips..
  • Use reliable download sources, e.g. the Linux distributor..
  • Harden your system in the way you prefer
    --mandatory access control, rootkit detection, permissions limits, bastille scripts
    And remembering that most Linux exploits are local, not remote..
xenopeek
Level 25
Posts: 25149
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: “Hand of Thief” banking trojan but it does do Linux

Post by xenopeek »

Avast! have investigated the trojan in depth: https://blog.avast.com/2013/08/27/linux ... -ungloved/
Snapcase
Level 3
Posts: 135
Joined: Wed Jul 03, 2013 5:27 pm

Re: “Hand of Thief” banking trojan but it does do Linux

Post by Snapcase »

Yes, they did. And they make money selling antivirus software. Sure they like Linux or any other platform users to be scared and worried about malware, thus wanting protection for their systems. AKA they make more money.
"it could advance Linux users a step forward in this specific environment. The same threatening environment in which Windows users have existed for years. The statement that the Linux platform is absolutely secure now seems even more illusive."
Can anything else be expected but this conclusion in an article coming from an antivirus seller?

An unbiased independent analysis probably won't conclude this way.
"... now seems even more illusive."
linuxviolin
Level 8
Posts: 2083
Joined: Tue Feb 27, 2007 6:55 pm
Location: France

Linux desktop Trojan 'Hand of Thief' steals in

Post by linuxviolin »

Linux desktop Trojan 'Hand of Thief' steals in (August 8, 2013)
Someone's finally created what appears to be a semi-successful Linux Trojan.

(...)

Their Windows brothers and sisters had to deal with an unending stream of malware; but other than a handful of exploits aimed mostly at Linux servers, there were no real Linux Trojans or viruses. Oh well, all good things must come to an end.

(...)

Its developer claims "it has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora, and Debian. As for desktop environments, the malware supports 8 different environments, including Gnome and KDE." The attack specifically targets common Web browsers Firefox, Google Chrome, as well as several others that are often found on Linux such as Chromium, Aurora, and Ice Weasel.

At this point, some Linux users may start pooh-poohing this as yet another case of virus FUD. It's not. Hand of Thief really is out there. I should know. Someone tried to give a case of it to me earlier today.

(...)

While Linux is still inherently more secure than Windows, it, like any other operating system, is not perfectly secure. Now, more than ever, desktop Linux users need to practice basic security if they're to be safe on the ever more dangerous Internet.

But I'll let you read this article... :)
Last edited by xenopeek on Mon Sep 02, 2013 1:38 am, edited 1 time in total.
Reason: Merged here; same subject.
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)