Posts Tagged ‘Trojans’

Hand of a Thief is new malware for Linux operating systems that targets users’ bank accounts. According to AVAST antivirus, the malware is a Linux Trojan that was first discovered on August 7th by RSA researchers and was named ‘Hand Of Thief’. This trojan is interesting for two reasons: first, it targets only Linux operating systems (about 15 different flavors), and second, it targets the bank accounts of affected users. Security experts found that the trojan is capable of gaining back-door entry on Linux-specific browsers and can grab data entered in forms. In addition, it is equipped with anti-virtualization and anti-monitoring techniques. The level of sophistication of this malware has surprised security experts, and it can be compared to the infamous FlashBack trojan that affected Apple’s OSX installations and to Obad for Android in recent times.


The Linux operating system has been designed to offer a high level of security for mission-critical applications and even for normal users. However, in recent times there have been several attacks, or at least attempts, to gain access to users' computers. It looks like most of the malware was targeting sensitive information such as banking credentials on compromised systems. Linux users should be aware of this trojan.

Source : crazyengineers.com

Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match. The attack was first seen on a Colombian transport website that had been hacked by a third party. This malware is known as GetShell.A and requires users to approve a Java applet installation.

It detects whether you’re running Windows, Mac OS X, or Linux, and then downloads the corresponding malware for your platform. The malicious files developed for each type of OS connect to the same Command & Control server, which F-Secure has located at IP address 186.87.69.249.

Karmina Aquino, a senior analyst with F-Secure, said, “All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively.”

The Windows one sends the following information back to the remote attacker: CPU details, disk details, memory usage, OS version, and user name. The Trojan can also download a file and execute it, or open a shell to receive commands. ‘Graviton‘ is a combination of pure ‘C’ and ‘asm’.
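
The indicators reported above (the shared address 186.87.69.249 and the per-platform ports 8080, 8081 and 8082) lend themselves to a retrospective search of outbound connection logs. The following is an added example, not code from F-Secure or the original post; the log format, the internal host addresses and the function name `find_c2_contacts` are assumptions, and the sample lines are constructed.

```python
import ipaddress

# Indicators as reported on this page for GetShell.A.
C2_ADDRESS = ipaddress.ip_address("186.87.69.249")
PORT_TO_PLATFORM = {8080: "OSX", 8081: "Linux", 8082: "Windows"}

# Constructed sample input. Assumed (hypothetical) record format:
# "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_LOG = """\
2000-01-01T09:14:02Z 10.0.4.17 186.87.69.249 8081 tcp
2000-01-01T09:14:05Z 10.0.4.23 198.51.100.7 8080 tcp
2000-01-01T09:15:40Z 10.0.4.31 186.87.69.249 8082 tcp
2000-01-01T09:16:11Z 10.0.4.17 186.87.69.249 8081 tcp
truncated-record 10.0.4.99
2000-01-01T09:17:30Z 10.0.4.40 186.87.69.249 443 tcp
2000-01-01T09:18:02Z 10.0.4.52 186.87.69.249 8080 tcp
"""


def find_c2_contacts(log_text):
    """Map each internal host that contacted the C2 address to what was seen."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records instead of aborting the scan
        ts, src, dst, port, _proto = fields
        try:
            if ipaddress.ip_address(dst) != C2_ADDRESS:
                continue
            port = int(port)
        except ValueError:
            continue  # unparsable address or port
        # Any connection to the address is worth triage; the port only
        # hints at which platform payload was running on the host.
        variant = PORT_TO_PLATFORM.get(port, "unknown")
        entry = hits.setdefault(
            src, {"variants": set(), "first_seen": ts, "count": 0})
        entry["variants"].add(variant)
        entry["first_seen"] = min(entry["first_seen"], ts)
        entry["count"] += 1
    return hits


if __name__ == "__main__":
    for host, info in sorted(find_c2_contacts(SAMPLE_LOG).items()):
        print(host, sorted(info["variants"]), info["first_seen"], info["count"])
```

A host whose inferred variant does not match its actual operating system, or that appears under "unknown", still contacted the reported address and deserves the same triage.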