Lots of coverage this week relating to ‘Hand of Thief’, the latest black-market Trojan designed for any aspiring cyber-fraudster – yours for just $2000.

It’s concerning news in that the threat to your personal data – predominantly your internet banking details – is an increasingly marketable commodity, but for the IT community the additional interest in this particular piece of malware is that it has been engineered specifically for Linux. Estimates suggest that Linux as a desktop OS accounts for less than 1% of the world’s total. Of course, Linux is very popular as a host/server OS, but Hand of Thief is squarely intended to intercept a user’s browser interactions. It may be a proportionally small pool of potential targets, but at least you get 100% of it: the quantity of malware targeting the Linux OS is negligibly tiny compared to the tens of millions of new malware variants discovered in the Windows world every year.

What Would Walter White Do?

The market for Hand of Thief seems to be modeled on the structure Breaking Bad’s Walter White built for his blue crystal meth business (I’m sure I don’t need to explain what Breaking Bad is?). At the top there is a development lab manufacturing the malware, and the guys engineering the code, like Walter and his trainee cooks, seem satisfied just to produce and sell the product. Their customers will either be criminal gangs looking to use the malware to steal banking information, or there could even be a further tier of middlemen operating the phishing network that distributes the malware and gathers account codes and passwords to sell on to other groups. Those groups will be the ones actually logging in and transferring the cash out.

The timing is interesting too – with the Citadel bust having just been made public, the headline and moral of the story should have been that the perpetrators have been jailed, but maybe the estimated $500M stolen was actually the more eye-catching element of the story? So instead of acting as a warning and deterrent to other cyber criminals, the story could just as likely have inspired even more to “get rich or die tryin’”, just like the notorious Albert Gonzalez, who held this as his motto when he undertook his various scams targeting cardholder data theft.

Linux Users – Welcome to the New Wild West

The only real conclusion is that the inevitable proliferation of cybercrime-enabling malware continues, and that the ‘high ground’ previously afforded by non-Windows operating systems now seems to be diminishing. The good news is that host intrusion detection system (HIDS) technology is also progressing – real-time file integrity monitoring (FIM) is already available for Mac OS X and nearly all other contemporary Linux and Unix variants, including Solaris, Ubuntu, RedHat and Suse. This means there is already HIDS technology to detect malware, even zero-day attacks that will evade anti-virus systems, because it flags the changes an intrusion makes to the host rather than relying on a signature for the malware itself. Furthermore, with prevention always being the ideal strategy, hardening checklists can now be applied using the same File Integrity Monitoring technology to audit Linux hosts and desktops, ensuring most vulnerabilities are closed down and kept out. And of course, vigilance is always going to be required – phishing attacks have doubled in the last 12 months, and this all points to a potentially upward-spiraling trend.
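To make the FIM-as-HIDS point concrete, here is a minimal baseline-and-compare monitor written as an added example for this post; it is not NNT’s Change Tracker code, and the directory tree, file names and “tampering” it performs are constructed purely to show what a re-scan reports.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Attributes a change to which should be reported (content hash plus permissions/ownership).
WATCHED_FIELDS = ("sha256", "mode", "uid", "gid")


def fingerprint(path: Path) -> dict:
    """Hash the contents and record permission/ownership attributes of one regular file."""
    st = path.lstat()
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid}


def baseline(root: Path) -> dict:
    """Snapshot every regular file under root, keyed by its POSIX path relative to root."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}


def compare(old: dict, new: dict) -> list:
    """Report added, removed and modified files; each changed attribute is named separately."""
    findings = []
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            findings.append(f"ADDED {rel}")
        elif rel not in new:
            findings.append(f"REMOVED {rel}")
        else:
            for field in WATCHED_FIELDS:
                if old[rel][field] != new[rel][field]:
                    findings.append(f"MODIFIED {rel} ({field})")
    return findings


def demo() -> list:
    """Constructed scenario: baseline a small tree, alter it the way an intrusion would, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("bin", "etc", "lib"):
            (root / d).mkdir()
        (root / "bin" / "app").write_bytes(b"original binary\n")
        (root / "etc" / "app.conf").write_text("debug=0\n")
        os.chmod(root / "etc" / "app.conf", 0o644)
        before = baseline(root)
        # Three changes no anti-virus signature exists for, all caught by the re-scan:
        # a patched binary, a loosened permission and a newly dropped library.
        (root / "bin" / "app").write_bytes(b"patched binary\n")
        os.chmod(root / "etc" / "app.conf", 0o666)
        (root / "lib" / "dropped.so").write_bytes(b"unknown code\n")
        return compare(before, baseline(root))
```

Running `demo()` returns one finding per tampered attribute, which is the same hash-and-attribute comparison a real-time FIM agent performs continuously against a known-good baseline.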

Copyright 2022, New Net Technologies LLC. All rights reserved. 