The security company explains that the trojan is "designed to steal information from machines running the Linux OS. This malware is currently offered for sale in closed cybercrime communities for $2,000 USD (€1,500 EUR) with free updates. The current functionality includes form grabbers and backdoor capabilities, however, it's expected that the Trojan will have a new suite of web injections and graduate to become full-blown banking malware in the very near future. At that point, the price is expected to rise to $3,000 USD (€2,250 EUR), plus a hefty $550 per major version release".
This seems excessively expensive given Linux's very small footprint with home users. However, it does seem to work against some popular distributions. "The Trojan's developer claims it has been tested on 15 different Linux desktop distributions, including Ubuntu, Fedora and Debian. As for desktop environments, the malware supports eight different environments, including Gnome and KDE", says RSA.
According to RSA, the trojan has the following functionality:
- Form grabber for both HTTP and HTTPS sessions (Firefox, Google Chrome, Chromium, Aurora and Ice Weasel)
- Block list preventing access to specified hosts
- Backdoor, backconnect and SOCKS5 proxy
- Anti-research tool box, which includes anti-VM, anti-sandbox and anti-debugger
Linux users, does this new trojan have you worried? Will you be rushing to install Windows? Tell me in the comments.
~ Brian Fagioli
No comments:
Post a Comment