Linux gets hit by a trojan -- it's time to sudo apt-get scared!
When evangelists pontificate the benefits of Linux, the topic of security always comes up. A big selling point of Linux-based operating systems are that they are generally immune to viruses, trojans and malware. However, this is a falsehood -- no OS is 100 percent safe when it comes to these things. According to security company RSA, a team of Russian cyber-criminals have developed a trojan, named "Hand of Thief", which targets Linux.
The security company explains that the trojan is "designed to steal information from machines running the Linux OS. This malware is currently offered for sale in closed cybercrime communities for $2,000 USD (€1,500 EUR) with free updates. The current functionality includes form grabbers and backdoor capabilities, however, it's expected that the Trojan will have a new suite of web injections and graduate to become full-blown banking malware in the very near future. At that point, the price is expected to rise to $3,000 USD (€2,250 EUR), plus a hefty $550 per major version release".
This seems excessively expensive given Linux's very small footprint with home users. However, it does seem to work against some popular distributions. "The Trojan's developer claims it has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora and Debian. As for desktop environments, the malware supports eight different environments, including Gnome and KDE", says RSA.
According to RSA, the trojan has the following functionality:
- Form grabber for both HTTP and HTTPS sessions (Firefox, Google Chrome, Chromium, Aurora and Ice Weasel)
- Block list preventing access to specified hosts
- Backdoor, backconnect and SOCKS5 proxy
- Anti-research tool box, which includes anti-VM, anti-sandbox and anti-debugger
While this trojan does seem nasty and scary, it is unlikely to spread easily given Linux users' propensity towards common-sense about installing software. If a user sticks to only installing software from trusted repositories, they should continue to be safe and secure.
Linux users, does this new trojan have you worried? Will you be rushing to install Windows? Tell me in the comments.