Researchers find banking fraud virus targeting Linux users

by anonymous on 2013-08-13 12:11:52

Researchers at security company RSA have discovered banking fraud malware targeting Linux users. The virus, named Hand of Thief, is being sold on underground forums for $2,000. Compared to Windows malware, its features are relatively rudimentary, including only form grabbing and backdoor functionality. However, researchers estimate that it has the potential to become more sophisticated, with richer features such as the ability to inject attacker-controlled content into bank web pages trusted by users.

Due to the smaller user base of Linux, malware authors rarely develop viruses or trojans specifically for the Linux operating system. Additionally, Linux's open-source development model makes it less susceptible to attacks from malicious code exploiting security vulnerabilities. However, this viewpoint is quite controversial among security researchers, as there are cases where Linux vulnerabilities have remained unpatched for years.

The developers of Hand of Thief claim that the trojan has been tested on 15 desktop distributions, including Ubuntu, Fedora, and Debian, and supports eight desktop environments, including GNOME and KDE. The trojan's capabilities include capturing HTTP and HTTPS sessions from browsers such as Firefox and Google Chrome, blocking access to security update and antivirus software addresses, and preventing execution in virtual machines, possibly to prevent reverse engineering by security researchers and competitors.