Other metadata is also lifted, including the timestamp of each visit, the URLs the user browses and, possibly, the browser's cookies. Once the targeted information has been captured, it is exfiltrated over the Internet to a command and control server. From there it is sold on to other criminals, who use the stolen credentials to drain the victim's debit or credit card.
The Trojan has other capabilities as well. One of them prevents the user from reaching anti-virus (AV) products and their vendors' websites. Rather than using an overt tactic such as editing records in the hosts file, it tampers with name resolution in memory, so the usual check of /etc/hosts turns up nothing. Hand of Thief operates inside the web browser: it grabs form data from Chromium, Arora and other browsers that ship on Linux. Researchers report that the Trojan runs on at least fifteen (15) Linux desktop distributions, including Ubuntu, Fedora and Debian, and supports eight (8) desktop environments.
The limited coverage is partly because most experts consider the threat a work in progress, despite its obvious growth and the maturing of its key features. To install itself and work as intended, Hand of Thief needs root privileges, so its installer prompts the victim for a password. If the user declines to enter one, the Trojan cannot add itself to the machine.
Other ways to protect against Hand of Thief include being careful when installing free software and refusing to install unsigned packages. The latter means restricting administrative privileges so that only a few designated accounts can install software, and leaving the package manager's signature checks switched on (the default on Debian-based systems, unless a source is marked trusted or unauthenticated installs are allowed in apt's configuration). It is also good practice to investigate any unofficial repository before adding it. Finally, keeping the system and its browsers current with patches and critical upgrades substantially reduces exposure to malware in general.
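The advice above (no unsigned packages, no unvetted repositories) can be checked mechanically. The following script is an added example, not code from the original article or from any research on Hand of Thief: it audits the trust settings of an apt-based system by parsing sources.list entries and apt.conf directives and flagging sources marked `trusted=yes`, hosts outside an assumed allow-list of first-party archives, and the `AllowUnauthenticated` / `AllowInsecureRepositories` switches that turn signature verification off. The sample sources and configuration are constructed for the demonstration, and the allow-list of official hosts is an assumption to adjust for your distribution.

```python
"""Audit apt trust settings: unsigned sources and unofficial repositories."""
import re
from urllib.parse import urlparse

# Assumed allow-list of first-party archive hosts; adjust for your distribution.
OFFICIAL_HOST_SUFFIXES = ("ubuntu.com", "debian.org")

# Constructed sample inputs for the demonstration (not from a real machine).
SAMPLE_SOURCES = """\
deb http://archive.ubuntu.com/ubuntu jammy main restricted
deb-src http://archive.ubuntu.com/ubuntu jammy main restricted
deb http://security.ubuntu.com/ubuntu jammy-security main
# third-party repository added without checking who runs it
deb [arch=amd64 trusted=yes] http://free-apps.example.net/ubuntu jammy main
deb https://ppa.launchpadcontent.net/someone/tools/ubuntu jammy main
"""

SAMPLE_APT_CONF = """\
APT::Get::AllowUnauthenticated "true";
Acquire::AllowInsecureRepositories "true";
APT::Install-Recommends "0";
"""

# deb|deb-src [options] uri suite [components...]
SOURCE_LINE = re.compile(
    r"^(?P<type>deb|deb-src)\s+"
    r"(?:\[(?P<opts>[^\]]*)\]\s+)?"
    r"(?P<uri>\S+)\s+(?P<suite>\S+)"
)

# apt.conf directives that disable signature checking globally.
DANGEROUS_DIRECTIVES = (
    "APT::Get::AllowUnauthenticated",
    "Acquire::AllowInsecureRepositories",
)
TRUE_VALUES = {"true", "yes", "1"}


def is_official(host):
    """True if host is one of the assumed first-party archive domains."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_HOST_SUFFIXES)


def audit_sources(text, official=is_official):
    """Return one finding string per trust-weakening sources.list entry."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SOURCE_LINE.match(line)
        if not m:
            findings.append(f"line {n}: unparseable source entry: {line!r}")
            continue
        opts = (m.group("opts") or "").split()
        if any(o.lower() == "trusted=yes" for o in opts):
            findings.append(
                f"line {n}: trusted=yes disables signature checks for {m.group('uri')}"
            )
        host = urlparse(m.group("uri")).hostname or ""
        if not official(host):
            findings.append(f"line {n}: unofficial repository host {host!r}")
    return findings


def audit_apt_conf(text):
    """Return one finding per apt.conf directive that allows unsigned packages."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        m = re.match(r'^\s*([\w:\-]+)\s+"([^"]*)"\s*;', raw)
        if not m:
            continue
        key, value = m.groups()
        if key in DANGEROUS_DIRECTIVES and value.lower() in TRUE_VALUES:
            findings.append(f"line {n}: {key} is {value!r}; signature verification is off")
    return findings


def main():
    # Run over the constructed samples; on a real host, read /etc/apt/sources.list,
    # /etc/apt/sources.list.d/*.list and /etc/apt/apt.conf.d/* and pass their text in.
    for finding in audit_sources(SAMPLE_SOURCES) + audit_apt_conf(SAMPLE_APT_CONF):
        print(finding)


if __name__ == "__main__":
    main()
```

On the sample input the script reports three source findings (the `trusted=yes` flag and two third-party hosts) and two configuration findings. A clean sources.list, with every entry pointing at an allow-listed host and no `trusted=yes`, produces no findings; the deb822 `.sources` format that newer apt releases also accept is not parsed here.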
The Hand of Thief Trojan, like most malware, was written by criminals, for criminals. Linux is targeted far less often than other platforms, but any machine connected to a network is at risk. By sticking to official repositories and keeping software up to date, users can drastically reduce their chances of infection. Antivirus (AV) software adds a further layer of defence and can help catch the Trojan before it establishes itself on the system.