The malware - dubbed Crisis or Morcut - was not spotted in the wild, but received by the security researcher from VirusTotal in the form of a JAR file, the analysis of which revealed that it contained a .class file named WebEnhancer, and two installers - one for Windows and the other for OS X.
Symantec's researchers have continued analyzing the file, and have recently discovered that the Windows version of the threat uses three methods to spread itself: to a removable disk drive, to a VMware virtual machine, and to a Windows Mobile device.
Unlike the majority of other malware that terminates itself when it detects a VMware virtual machine image on the compromised computer in order to avoid being analyzed, this one mounts the image and then copies itself onto the image by using a VMware Player tool.
Also, the threat is capable of spreading to Windows Mobile devices by dropping modules onto devices connected to compromised Windows computers, but does not affect Android or iPhone devices.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.