Criminals use the latest technology for a very old-fashioned reason: to steal folks’ money. If they can obtain your personal information, most significantly your login credentials, they can access and drain your financial accounts. The latest tool they have at their disposal is malware known as the “Hand of Thief”, aimed at the Linux operating system. Its key features include:
- A “form grabber” used to steal login credentials
- The ability to bypass signature-based security
- The ability to prevent users from accessing sites to download antivirus protection
- The ability to hide from virtual subsystems, aka sandboxes
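The post does not say how the “block the antivirus sites” feature is implemented. One common way malware of this class does it is by adding entries to the system hosts file so that vendor domains resolve to localhost or to an attacker-chosen address. The following check is an added example, not code from the original post or from any analysis of this malware; it assumes hosts-file tampering as the mechanism, and both the watched-domain list and the sample hosts content are constructed for illustration.

```python
"""Scan hosts-file content for entries that hijack security-vendor domains.

Added example, not from the original post. Assumes the blocking is done by
hosts-file tampering (the post does not state the mechanism). WATCHED_DOMAINS
and SAMPLE_HOSTS are constructed values for illustration.
"""
import ipaddress
from typing import List, Tuple

# Constructed watch list: domains a user would visit to fetch AV software.
# In practice this would come from your own vendor list.
WATCHED_DOMAINS = ("comodo.com", "clamav.net", "avast.com", "kaspersky.com")

# Constructed sample hosts file. Lines 5-7 are the ones a defender should see:
# two sinkhole entries (loopback / unspecified) and one redirect to a foreign IP
# (203.0.113.5 is from the documentation range, used here as a placeholder).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
192.168.1.10 fileserver.lan
# injected by malware (constructed)
127.0.0.1   www.comodo.com comodo.com
0.0.0.0     download.clamav.net
203.0.113.5 kaspersky.com
"""


def _is_sinkhole(addr: str) -> bool:
    """True when the address makes the name unreachable (loopback or 0.0.0.0/::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def _matches_watch(hostname: str) -> bool:
    """True when hostname is a watched domain or any subdomain of one."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def find_vendor_entries(hosts_text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line_number, hostname, address, kind) for every watched domain
    that appears in the hosts file.

    Any such entry is suspicious: these names should be resolved by DNS, not
    pinned locally. kind is "sinkhole" (name silently unreachable) or
    "redirect" (name pointed at some other host).
    """
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        kind = "sinkhole" if _is_sinkhole(addr) else "redirect"
        for name in names:
            if _matches_watch(name):
                findings.append((lineno, name, addr, kind))
    return findings


if __name__ == "__main__":
    # On a real system you would read /etc/hosts instead of the sample text.
    for lineno, name, addr, kind in find_vendor_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr} ({kind})")
```

Run it against the real `/etc/hosts` by reading the file into `find_vendor_entries`; an empty result is the expected state on a clean machine. The check is deliberately conservative in one direction only: it flags every watched domain it finds, because there is no legitimate reason for an ordinary desktop to pin a vendor's download site locally.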
There has been a lot of buzz about the “Hand of Thief” since it first became widely known in July. Fortunately, researchers have shown that it may not be particularly effective. Analysts at RSA, in a report released September 5th, referred to it as essentially a prototype that is not fully functioning. The grabber is ineffective because the program has trouble communicating with its command-and-control servers and can be easily deleted. They also note that it has not actually been found “in the wild” yet. Nevertheless, it has raised some significant concerns in my mind.
First, as the RSA analysts also indicate, future versions are likely to be more effective. How do they know this? Because they spoke to the Russian developer and know what he is planning!
And that raises my second concern. There is a brazenness about this operation that is startling. A very public market exists for malware kits, and judging by this case it must be very lucrative. The developer is selling it for $2000 a kit.
Cybercriminals operate in the open, sharing and selling the tools of their trade without apparent fear of the law. The authorities in Russia and Eastern Europe seem to have little interest in stopping them, but the problem extends far beyond that region. On the Web, no matter how far away a site is located, it is still just a click away.
Finally, up until now Linux users have felt safe from such attacks. This is the first known case of a banking trojan targeting the Linux platform. Hackers have primarily focused on Windows systems, by far the most common system among home and business users. Over 85% of all desktop users work with MS Windows, while less than 2% worldwide use Linux. A higher percentage of server systems use Linux, but financial fraud is targeted at individuals.
Therefore, if you use Windows you have no worries.
Perhaps not right away.
However, the Android operating system is a version of Linux and now runs on about 80% of smartphones. Throw in tablets and netbooks running Android and there is a significant opening for hackers in non-Windows systems. I would predict that the “Hand of Thief” is just the beginning of a refocus of hackers’ attention away from Windows to other opportunities.
If you use an Android mobile device, make sure you get the Comodo Mobile Security app. If nothing else, it also has great theft protection.