UPDATED 13:30 EDT / AUGUST 08 2013

“Hand of Thief” Malware Makes A Grab For Linux

So you thought you were safe from all the internet nasties – worms, Trojans, spyware and so on whilst tapping away on your Linux flavoured computer? Well, you might want to think again.

Reports today have surfaced of a new kind of malware that’s specifically targeted at Linux users, which is being hawked on underground cybercrime forums for the very reasonable price of just $2,000.

Called “Hand of Thief”, the so-called banking Trojan is almost unique among malicious code in that it is built to attack computers running the world’s most popular open-source operating system. Even more interesting is that this particular nasty is about as vicious as they get: it runs alongside all major browsers, incorporates form-grabbers, and can block access to the websites of security companies and to general updates. The Trojan is also said to have been built with virtual machine detection, which makes it harder for security researchers to pin it down. Worse still, it apparently works on just about every Linux flavour known to man, with Ubuntu, Fedora and Debian, and desktop environments such as KDE and Gnome, all said to be vulnerable, according to its Russian makers.

Hand of Thief was discovered by researchers at the RSA security firm. In a blog post, Limor Kessem says that the virus is being offered for sale on a number of popular cybercrime forums. Currently available for $2,000, it’s expected that this price will increase to around $3,000 once new features have been added to it.

Kessem writes:

“The current functionality includes form-grabbers and backdoor capabilities, however, it’s expected that the Trojan will have a new suite of web injections and graduate to become full-blown banking malware in the very near future. At that point, the price is expected to rise to $3,000 (€2,250 EUR), plus a hefty $550 per major version release.”

RSA researchers are now trying to fight the Trojan, and have apparently obtained both the server-side and malware-builder source code, which should allow them to fully understand its capabilities.

Is Linux Malware a Threat?

Virtually all malicious code is written for the Windows operating system, simply because it is by far the most widely used in the world. There are so many Windows samples that security firms have given up trying to keep count, and simply try to stay ahead of the most virulent and dangerous types. From the point of view of cybercriminals, this is a smart strategy, as the huge number of viruses doing the rounds overwhelms antivirus companies, meaning that no computer is ever truly safe.

Aside from Windows, Android also has its problems with malware, with around 720,000 malicious apps said to be in existence at this point in time, according to Trend Micro.

In comparison, the Mac OS X operating system is rarely targeted in this way, with the number of malicious programs doing the rounds thought to number in the hundreds at most. For Linux, this figure is said to be even lower, and what little exists usually targets servers rather than desktops, which is why malware like Hand of Thief is exceptionally rare.

That doesn’t mean it can’t be profitable in the right hands though: clearly the designers believe there is a market for it or they would never have made it. Linux might command less than 1% of the OS market share, but that minuscule figure still equates to millions of users, many of whom believe that their internet banking and ecommerce transactions are far safer on something like Ubuntu, and are perhaps too confident that they will never become victims.

Even so, the risk to Linux users isn’t that great so long as people don’t do anything stupid. According to RSA, the people selling Hand of Thief went as far as to admit that they don’t know of any exploits for Linux, and recommended tricking people into downloading the malware through phishing scams and the like.

The emergence of the Hand of Thief could be a sign that open-source operating systems are becoming less secure, but what with its hefty price tag and the absence of a reliable way to spread it around the web, Linux users can probably breathe easy for now.
