“Hand of Thief” banking trojan but it does do Linux

Orbmiser
Level 7
Posts: 1501
Joined: Thu Oct 18, 2012 5:16 pm
Location: Portland,Oregon

“Hand of Thief” banking trojan but it does do Linux

Postby Orbmiser » Wed Aug 07, 2013 6:34 pm

“Hand of Thief” banking trojan doesn’t do Windows—but it does Linux
http://arstechnica.com/security/2013/08/hand-of-thief-banking-trojan-doesnt-do-windows-but-it-does-linux/

"Hand of Thief developers said the trojan has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora, and Debian. They also said it supports eight environments, including Gnome and Kde. The malware functions include a form grabber for both HTTP and HTTPS sessions running on Firefox, Google Chrome, and a host of Linux-only browsers. The trojan also blocks infected machines from accessing addresses that offer security updates and antivirus software. It contains defenses to prevent it from running on virtual machines to make it harder to be reverse engineered by white hat hackers and competitors."


Just a matter of time when we too will be stuck running more antivirus apps like Windows? :shock:

js3915
Level 3
Posts: 178
Joined: Fri Jul 05, 2013 5:35 pm

Re: “Hand of Thief” banking trojan but it does do Linux

Postby js3915 » Wed Aug 07, 2013 6:42 pm

There will always be security risks / holes found, but usually there are patches to fix those holes too eventually, both in the kernel and the programs, will always be a battle... If you keep your system well updated and don't go to risky sites, chances are slim this would affect most people. It still needs to find a way onto your machine, including running to install to the right location, I would think.

wh7qq
Level 2
Posts: 59
Joined: Mon Mar 15, 2010 5:43 pm

Re: “Hand of Thief” banking trojan but it does do Linux

Postby wh7qq » Thu Aug 08, 2013 11:05 pm

Nothing I have read yet indicates how the infection occurs except one reference that suggests that social engineering is used to obtain information. It sounds like a long line of Linux scare stories... FUD?

Using Linux is not a license to go crazy visiting dark or shaky sites online or to download things from places you don't know and trust. Also, if you use the root account routinely for everyday computing, you get what you deserve.

For sure, anyone calling from a legitimate banking institution will not ask for your credit card # or PIN. Just don't be an idiot.

wyrdoak
Level 6
Posts: 1309
Joined: Thu May 19, 2011 1:32 pm
Location: USA

Jack Wallen takes a look at the Hand of Thief trojan

Postby wyrdoak » Tue Aug 20, 2013 1:21 pm

Last edited by xenopeek on Mon Sep 02, 2013 1:39 am, edited 1 time in total.
Reason: Merged here; same subject.
-Dell Mini Inspiron 910 Netbook-Atom CPU-N270-1.60ghz; 16gbs mini ePCI PATA SSD
RAM- 1gbs-(LinixMint-17.1: KDE)

jdhedden
Level 1
Posts: 12
Joined: Tue Jul 02, 2013 3:09 pm

Re: “Hand of Thief” banking trojan but it does do Linux

Postby jdhedden » Sat Aug 24, 2013 1:38 pm

According to this RSA blog post comment by user kempskie:
https://blogs.rsa.com/thieves-reaching-for-linux-hand-of-thief-trojan-targets-linux-inth3wild/#comment-71073
there will be follow-up by the RSA soon.

This has prompted me to at least install rkhunter and give my system an initial check.

daveinuk
Level 6
Posts: 1419
Joined: Tue Mar 23, 2010 7:52 pm
Location: Manchester, England.

Re: “Hand of Thief” banking trojan but it does do Linux

Postby daveinuk » Sat Aug 24, 2013 2:22 pm

How is this deployed? Is it through some sort of email phishing scheme, or how would it get root access to a Linux machine? I am troubled by how many people are still duped by email scams; there should be some sort of common sense lesson given out to some people :roll:

DrHu
Level 17
Posts: 7561
Joined: Wed Jun 17, 2009 8:20 pm

Re: “Hand of Thief” banking trojan but it does do Linux

Postby DrHu » Sat Aug 24, 2013 4:10 pm

A trojan isn't a virus, so it really depends on the user's own ineptitude to function for the thief
--if you are normally careful, and because a bank's SSL 128-bit logon is secure (at least so far), you should not expect this to be a significant problem
    Even so, I would prefer banks to allow long passwords, preferably randomized, such as using Perfect Passwords from Gibson Research or your own random generator..
http://www.datadoctors.com/help/columns ... word-Tips/
--password tips..
  • Use reliable download sources, e.g. the Linux distributor..
  • Harden your system in the way you prefer
    --mandatory access control, rootkit detection, permissions limits, Bastille scripts
    And remembering that most Linux exploits are local, not remote..

xenopeek
Level 23
Posts: 19250
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: “Hand of Thief” banking trojan but it does do Linux

Postby xenopeek » Wed Aug 28, 2013 3:40 pm

Avast! have investigated the trojan in depth: https://blog.avast.com/2013/08/27/linux ... -ungloved/

Snapcase
Level 3
Posts: 135
Joined: Wed Jul 03, 2013 5:27 pm

Re: “Hand of Thief” banking trojan but it does do Linux

Postby Snapcase » Thu Aug 29, 2013 4:46 am

Yes, they did. And they make money selling antivirus software. Sure they like Linux or any other platform users to be scared and worried about malware, thus wanting protection for their systems. AKA: they make more money.

it could advance Linux users a step forward in this specific environment. The same threatening environment in which Windows users have existed for years. The statement that the Linux platform is absolutely secure now seems even more illusive.


Can anything else be expected but this conclusion in an article coming from an antivirus seller?

An unbiased independent analysis probably won't conclude this way.

... now seems even more illusive.

linuxviolin
Level 8
Posts: 2071
Joined: Tue Feb 27, 2007 6:55 pm
Location: France

Linux desktop Trojan 'Hand of Thief' steals in

Postby linuxviolin » Sun Sep 01, 2013 11:47 pm

Linux desktop Trojan 'Hand of Thief' steals in (August 8, 2013)

Someone's finally created what appears to be a semi-successful Linux Trojan.

(...)

Their Windows brothers and sisters had to deal with an unending stream of malware; but other than a handful of exploits aimed mostly at Linux servers, there were no real Linux Trojans or viruses. Oh well, all good things must come to an end.

(...)

Its developer claims "it has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora, and Debian. As for desktop environments, the malware supports 8 different environments, including Gnome and KDE." The attack specifically targets common Web browsers Firefox, Google Chrome, as well as several others that are often found on Linux such as Chromium, Aurora, and Ice Weasel.

At this point, some Linux users may start pooh-poohing this as yet another case of virus FUD. It's not. Hand of Thief really is out there. I should know. Someone tried to give a case of it to me earlier today.

(...)

While Linux is still inherently more secure than Windows, it, like any other operating system, is not perfectly secure. Now, more than ever, desktop Linux users need to practice basic security if they're to be safe on the ever more dangerous Internet.


But I'll let you read this article... :)
Last edited by xenopeek on Mon Sep 02, 2013 1:38 am, edited 1 time in total.
Reason: Merged here; same subject.
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)

