Crisis malware targets VMWare virtual machines
Researchers have uncovered a single espionage malware attack that is capable of infecting multiple platforms, including computers running the Windows and Mac OS X operating systems, Windows-powered mobile devices, and VMware virtual machines.
When Ars first chronicled the trojan backdoor known as Morcut last month, we reported that it turned Macs into remote spying devices that were capable of intercepting e-mail and instant-message communications and using internal microphones and cameras to spy on people in the vicinity of the machine. Since then, researchers have developed a more comprehensive view of the malware, which is known by the name "Crisis." A JAR, or Java archive, file that masquerades as a legitimate Adobe Flash installer allows attacks to infect a much wider variety of platforms, including virtual machines, which many people use to protect themselves from infection when performing online banking or while researching malicious websites.
"This may be the first malware that attempts to spread onto a virtual machine," Takashi Katsuki, a researcher with antivirus provider Symantec, wrote in a blog post published on Monday. "Many threats will terminate themselves when they find a virtual machine monitoring application, such as VMware, to avoid being analyzed, so this may be the next leap forward for malware authors."
