The Hand of Thief banking malware that targets Linux machines is being sold on the Russian black market. It is currently being marketed for $2,000 USD (€1,500 EUR) but could be poised to run a cool $3,000 – plus an extra $550 per version release – if the malware evolves the way researchers expect it to.

According to a blog Wednesday by Limor Kessem, from RSA’s FraudAction research lab, Hand of Thief allows hackers to grab information from forms on HTTP and HTTPS and block access to specified hosts.

The Trojan works on Firefox, Google Chrome, as well as Linux browsers like Chromium, Aurora and Ice Weasel. It also works on distributions such as Ubuntu, Fedora, Debian and desktop options such as Gnome and KDE.

“Nobody knows yet how many computers are going to get infected every time there’s a campaign,” Kessem said. “You don’t have the same fraud economy that backs up Linux; for Windows you have people selling exploit packs galore, it’s a service industry that doesn’t exist for Linux.”