Upcoming Virtual Event: Cloud Security Summit | July 17 - Register Now
Connect with us

Hi, what are you looking for?


Malware & Threats

Reach of ‘Hand of Thief’ Banking Trojan Exceeds Grasp: RSA

Researchers at EMC’s RSA Security Division slapped down the ‘Hand of Thief’ [HoT] banking Trojan in an updated analysis of the malware’s capabilities.

Researchers at EMC’s RSA Security Division slapped down the ‘Hand of Thief’ [HoT] banking Trojan in an updated analysis of the malware’s capabilities.

RSA first noted the appearance of the malware in Russian cyber-underground marketplaces in late July. Shortly thereafter, RSA reported that the Trojan – which is focused on stealing information from machines running Linux – includes form grabbers and backdoor capabilities and was expected to “graduate to become full-blown banking malware in the very near future.”

Now however, in an updated analysis, the company said that the Trojan seems more like a prototype than a finished product.

“Our research and analysis shows that, in reality, HoT’s grabbing abilities are very limited if not absent, which would make the malware a prototype that needs a lot more work before it can be considered a commercially viable banking Trojan,” blogged Yotam Gottesman, senior security researcher at RSA FraudAction Research Labs.

“In his sales adverts, Hand of Thief’s developer explained that he is in the final stages of implementing the web-injection mechanism for the malware,” Gottesman added. “Researching the Trojan proved that no injections are currently in place, but the preparation for such a mechanism is.”

The infection method for the malware is still primitive, the researcher added, and Hand of Thief’s developer did not offer as recommended infection method other than sending the Trojan via email and using social engineering to trick the user into launching the malware on their machine.

Still, the Hand of Thief malware does have some elements attackers will covet. For example, the malware’s binary reveals it is packed to protect the actual malware from being discovered and blocked by security processes on the machine. In addition, before running on a machine, the malware tests whether or not it is running within a virtual environment.

In addition, like other commercially-available Trojans, Hand of Thief includes a builder that gives cyber-criminals the power to create new variants of the malware on demand.

Advertisement. Scroll to continue reading.

“Hand of Thief has come to the cybercrime underground at a time when commercial Trojans are high in demand, stirring some excitement amongst criminals,” Gottesman blogged. “Although it initially appeared to be a compelling new Trojan entrant, RSA’s in-depth analysis of the code proves it is a prototype more than true commercially viable malware, crashing the browsers on the infected machines and displaying overall inability to properly grab data. Furthermore, HoT can also be easily removed from the machine by deleting the files dropped during the HoT installation process.”

More on the Trojan can be found here.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

ICS and OT cybersecurity solutions provider TXOne Networks appoints Stephen Driggers as its new CRO.

Identity orchestration provider Strata Identity has appointed Aldo Pietropaolo as Field CTO.

Cybersecurity provider for the aviation industry Cyviation has appointed Eliran Almog as Chief Executive Officer.

More People On The Move

Expert Insights