Linux Banking Trojan

With Windows computers beset with banking Trojans, and Linux seen as a secure alternative, it was never going to be long before similar malware appeared for Linux: the user base may be small, but with those users doing their banking on Linux, the reward was likely to be worth the effort.

The RSA blog has the story of the Hand of Thief Linux banking Trojan.

The Trojan's sales agent (yes, there is such a person) has very kindly let Linux users who bank online know what to watch out for.

[I]n a conversation with the malware’s sales agent, he himself suggested using email and social engineering as the infection vector.

I suppose the usual suspects will claim that this shows the need for an anti-virus program on Linux (again), but I still don't believe that is necessary. Not installing Linux executables from untrusted sources remains the key to security, and I have no information yet about detection rates for this Trojan.

Update: the avast! Blog has an analysis of the Trojan,  with links to a VirusTotal analysis, showing which AV programs detect the malware (avast! being one , of course).