v3.co.uk: The Windows version of the Crisis Trojan is far more dangerous than first thought, being capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, research has revealed.
Crisis was originally uncovered targeting businesses with social engineering attacks that trick users into running a malicious Java applet in July.
Symantec has since revealed that the malware has more advanced capabilities, letting it search for and copy itself onto VMware virtual machine images on compromised computers.
Once on the images the malware can reportedly steal and intercept data from virtual machines including financial information.
“We’ve discovered it getting onto VM systems not via exploits but by copying itself into the VM code,” Symantec senior security response manager Peter Coogan told V3.
“We haven’t seen this before […] they’re increasing the amount of information the spyware can gather.”
As well as its VMware capabilities, Symantec also reported discovering the malware installing rogue modules on Windows Mobile devices connected to compromised systems, though the purpose of the modules remains unknown.
Coogan went on to clarify that Crisis “is incredibly complex and likely created by an advanced group”, warning that its full capabilities remain unknown.
Despite its sophisticated nature, Crisis is believed to have infected a select number of systems. Kaspersky Lab has reported discovering the malware on 21 systems located in Italy, Mexico, Iran, Turkey, Iraq, Oman, Brazil, Kazakhstan, Kyrgyzstan and Tajikistan, said Sergey Golovanov, Kaspersky Lab malware expert.