Mac malware Crisis can spread to different environments
Posted on 21.08.2012
Nearly a month ago a number of security companies have analyzed a new Mac Trojan that opens a backdoor into the affected computer and spies on the user by monitoring mouse coordinates, instant messenger apps, the built-in webcam and microphone, clipboard contents, pressed keys, calendar data and alerts, address book contents, URLs visited by the user, and other things.

The malware - dubbed Crisis or Morcut - was not spotted in the wild, but received by the security researcher from VirusTotal in the form of a JAR file, the analysis of which revealed that it contained a .class file named WebEnhancer, and two installers - one for Windows and the other for OS X.

Symantec's researchers have continued analyzing the file, and have recently discovered that the Windows version of the threat uses three methods to spread itself: to a removable disk drive, to a VMware virtual machine, and to a Windows Mobile device.

Unlike the majority of other malware that terminates itself when it detects a VMware virtual machine image on the compromised computer in order to avoid being analyzed, this one mounts the image and then copies itself onto the image by using a VMware Player tool.

Also, the threat is capable of spreading to Windows Mobile devices by dropping modules onto devices connected to compromised Windows computers, but does not affect Android or iPhone devices.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th