Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Crisis Malware Able to Hijack Virtual Machines

Researchers Say Crisis May be the First Malware that Attempts to Spread Onto a Virtual Machine

Researchers Say Crisis May be the First Malware that Attempts to Spread Onto a Virtual Machine

Crisis, the malware that was discovered last month in a repository, is unique in that it has several features, including the ability to infect Windows and Macintosh installations. However, on the Windows side, Crisis can also target VM images Symantec says, making the malware two times the threat it once was.

Symantec, building on analysis from security firms such as Kaspersky Lab and Intego, discovered that the JAR file that is used to infect a given system has an additional payload for Windows.

Mac OS X Malware

“The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device,” Symantec explained in a blog post.  

“This may be the first malware that attempts to spread onto a virtual machine. Many threats will terminate themselves when they find a virtual machine monitoring application, such as VMware, to avoid being analyzed, so this may be the next leap forward for malware authors.”

When it comes to Windows Mobile, Symantec says they are still looking for actual examples of the modules. They have the proof that Crisis has the ability to target WinMo, but the modules themselves are not available.

Every security firm in the world who has a tie to the Virus Total submission list got a copy of Crisis. It would appear that the authors submitted it in order to see how well (or poorly) it was detected.

While the malware itself hasn’t been used in any widespread attack, and most vendors have basic detections for it, the developers have upped the stakes it seems when it comes to attack vectors.

Advertisement. Scroll to continue reading.

Additional coverage on Crisis is here and here.   

Related Reading: Report Examines Code Behind Crisis Trojan Targeting Mac OS X

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...