THE HIGH-PROFILE Crisis Trojan is more dangerous than first thought, as it has now emerged that as well as infecting Mac computers, it is also capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives.
Crisis was originally uncovered in July targeting businesses with social engineering attacks that trick users into running a malicious Java applet.
Symantec has since revealed that the malware has more advanced capabilities, letting it search for and copy itself onto VMware virtual machine (VM) images on compromised computers.
Once on the VM images the malware can reportedly steal and intercept data from virtual machines including financial information.
"We've discovered it getting onto VM systems not via exploits but by copying itself into the VM code," Symantec senior security response manager Peter Coogan told The INQUIRER.
"We haven't seen this before [...] they're increasing the amount of information the spyware can gather."
Symantec also reported discovering the malware installing rogue modules on Windows Mobile devices connected to compromised systems, though the purpose of the modules remains unknown.
Coogan went on to clarify that Crisis "is incredibly complex and likely created by an advanced group", warning that its full capabilities remain unknown.
Despite its sophisticated nature, Crisis is believed to have infected a number of systems. Kaspersky Lab has reported discovering the malware on 21 systems located in Italy, Mexico, Iran, Turkey, Iraq, Oman, Brazil, Kazakhstan, Kyrgyzstan and Tajikistan, said Kaspersky Lab malware expert Sergey Golovanov. µ
Sign up for INQbot – a weekly roundup of the best from the INQ