Pricey Linux banking trojan appears

Open sourcers can be quite vocal about the general lack of malware for Linux-based systems, but a new banking trojan has popped up, surprising the community.

Most of the world still runs on Windows, so by comparison, Linux doesn’t get much in the way of malware.

However, RSA’s Limor Kessem wrote in a blog post about a new Linux banking trojan called “Hand of Thief”, which suggests malicious code writers have worked out there’s some value in open source malware after all.

Security researcher Graham Cluley said that the “Hand of Thief” is a lot of work for Linux malware.

It comprises form grabbers for HTTP and HTTPS sessions running on a variety of browsers, blocking of infected computers’ access to anti-virus websites and security patches, and virtual machine detection.

All this makes it harder for anti-virus researchers to reverse engineer its code.

In addition, “Hand of Thief” incorporates an admin panel, allowing a criminal to control the remote computers that have been successfully hijacked around the world.

Kessem said that the trojan has been tested on 15 different flavours of Linux, including Ubuntu, Fedora, and Debian, and is being offered for sale with free updates in underground web forums for as much as $2,000.

The writers expect to push the cost to $3,000, with a $550 fee for major version updates, as features are introduced in the near future.

Cluley said that is quite a high cost for a piece of malware, but small compared to the potential money that could be made by successfully compromising and infecting unprotected Linux computers.