Zerosecurity

Crisis Malware Threatens Virtual Machines

by Paul Anderson
August 26, 2012 - Updated on June 4, 2022
in Malware

Lately, news is circulating on the web that a Windows version of the Crisis Malware is able to infect VMware virtual machines.

The malware has been found on VMware virtual machines running on compromised hosts: once on the host, it copies itself into the guest's disk image using a tool that ships with VMware Player.

What is important to clarify is that the malware does not exploit any vulnerability in the virtualization engine. It relies on the fact that a virtual machine is stored as ordinary local files on the host, and those files can be modified by any malicious application that already runs there.
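Because the infection path is simply "rewrite the guest's image files from the host", the natural host-side control is file-integrity monitoring of those images. The following is an added example written for this article, not code from ZeroSecurity, Symantec or VMware: it baselines the VMware artifacts in a directory (the `.vmdk`, `.vmx`, `.vmsd` and `.nvram` extensions, the `baseline.json` file name and the directory layout are assumptions) and reports any image whose content hash has changed since the baseline was taken. The demo builds a constructed guest directory in a temporary folder, baselines it, overwrites part of the disk image while keeping its size identical, and shows that the hash comparison still catches the change.

```python
"""
Added example (not from the ZeroSecurity article or from any vendor tool):
a small file-integrity baseline for VMware image files kept on a host.

A Crisis-style infection rewrites a guest's disk image from the host, so a
defender can watch the image files themselves. The script walks a directory,
hashes every VM artifact, and diffs the result against a saved baseline.
Extensions, file names and layout below are assumptions for the example.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# File types that make up a VMware guest on disk (assumption: typical layout).
VM_EXTENSIONS = {".vmdk", ".vmx", ".vmsd", ".nvram"}


def sha256_of(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so multi-GB disk images fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(vm_dir: Path) -> dict:
    """Map relative path -> {size, mtime, sha256} for every VM artifact."""
    result = {}
    for p in sorted(vm_dir.rglob("*")):
        if p.is_file() and p.suffix.lower() in VM_EXTENSIONS:
            st = p.stat()
            result[str(p.relative_to(vm_dir))] = {
                "size": st.st_size,
                "mtime": int(st.st_mtime),
                "sha256": sha256_of(p),
            }
    return result


def save_baseline(vm_dir: Path, baseline_file: Path) -> dict:
    """Record the current state of the guest's files as the trusted baseline."""
    snap = snapshot(vm_dir)
    baseline_file.write_text(json.dumps(snap, indent=2))
    return snap


def compare(baseline: dict, current: dict) -> dict:
    """Classify each image file as added, removed, modified or unchanged.

    Content hashes decide 'modified': size and mtime alone are not trusted,
    since an in-place overwrite can leave both unchanged.
    """
    report = {"added": [], "removed": [], "modified": [], "unchanged": []}
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            report["added"].append(name)
        elif name not in current:
            report["removed"].append(name)
        elif baseline[name]["sha256"] != current[name]["sha256"]:
            report["modified"].append(name)
        else:
            report["unchanged"].append(name)
    return report


def check(vm_dir: Path, baseline_file: Path) -> dict:
    """Re-scan the directory and diff it against the saved baseline."""
    baseline = json.loads(baseline_file.read_text())
    return compare(baseline, snapshot(vm_dir))


def demo() -> dict:
    """Build a constructed guest directory, baseline it, alter it, re-check."""
    root = Path(tempfile.mkdtemp())
    vm = root / "guest"
    vm.mkdir()
    (vm / "guest.vmx").write_text('displayName = "guest"\n')   # constructed
    (vm / "guest.vmdk").write_bytes(b"\x00" * 4096)            # constructed
    baseline_file = root / "baseline.json"
    save_baseline(vm, baseline_file)
    # Overwrite part of the disk image from the host side while the guest is
    # powered off, keeping the size identical (4096 bytes) so only the hash differs.
    (vm / "guest.vmdk").write_bytes(b"\x00" * 2048 + b"MODIFIED" + b"\x00" * 2040)
    return check(vm, baseline_file)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two practical caveats: a guest that was legitimately powered on also rewrites its `.vmdk`, so the comparison is only meaningful for powered-off guests and golden images, and the baseline itself must be stored where a host-level compromise cannot rewrite it alongside the images (off-host, or at least read-only to the account that runs the VMs).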

In many cases, malware designers build in a feature that makes the malware go inactive when it detects that it is running inside a virtual machine, so that it is not discovered and analyzed.

Takashi Katsuki of Symantec explained in his blog post:

“Many threats will terminate themselves when they find a virtual machine monitoring application, such as VMware, to avoid being analyzed, so this may be the next leap forward for malware authors. It also has the functionality to spread to Windows Mobile devices by dropping modules onto Windows Mobile devices connected to compromised Windows computers.”

Crisis Malware is an agent used to spy on victims by intercepting their communications. It opens a backdoor on the infected host once the user runs a Java archive (JAR) file that has been made to look like an Adobe Flash installer.
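The dropper described above succeeds only if the user believes a Java archive is a Flash installer, so a defender's triage step is to identify what a file actually is rather than what its name claims. The following is an added example, not code from the article or from any of the vendors it quotes: it recognises a JAR by its bytes (a ZIP archive carrying `META-INF/MANIFEST.MF`), reads whether the manifest declares a `Main-Class` (meaning the archive is directly runnable), and flags runnable JARs whose file name uses installer-style lure words. The lure-word list and the sample files are constructed assumptions for the example; the sample "installer" JARs contain only a manifest and empty placeholder entries.

```python
"""
Added example (not from the ZeroSecurity article): a triage check for a Java
archive dressed up as an installer. It looks at the bytes, not the name:
a JAR is a ZIP with META-INF/MANIFEST.MF, and a runnable one names a Main-Class.
The lure-word list and all sample files below are constructed assumptions.
"""
import io
import re
import zipfile
from typing import Optional

# Name fragments a social-engineering lure tends to use (assumption).
LURE_WORDS = re.compile(r"(flash|adobe|install|update|setup|player)", re.I)


def jar_manifest(data: bytes) -> Optional[str]:
    """Return the manifest text if `data` is a JAR, otherwise None."""
    if not data.startswith(b"PK\x03\x04"):      # ZIP local file header
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "META-INF/MANIFEST.MF" not in zf.namelist():
                return None
            return zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return None


def main_class(manifest: str) -> Optional[str]:
    """Extract the Main-Class attribute, which makes a JAR directly runnable."""
    for line in manifest.splitlines():
        if line.lower().startswith("main-class:"):
            return line.split(":", 1)[1].strip()
    return None


def triage(filename: str, data: bytes) -> dict:
    """Classify one file; 'suspicious' marks a runnable JAR with a lure-style name."""
    manifest = jar_manifest(data)
    if manifest is None:
        return {"file": filename, "is_jar": False, "main_class": None,
                "suspicious": False, "reason": "not a Java archive"}
    mc = main_class(manifest)
    lure = bool(LURE_WORDS.search(filename))
    if mc is not None and lure:
        reason = f"runnable JAR (Main-Class {mc}) named like an installer"
    elif mc is not None:
        reason = "runnable JAR, name carries no lure words"
    else:
        reason = "library JAR without Main-Class"
    return {"file": filename, "is_jar": True, "main_class": mc,
            "suspicious": mc is not None and lure, "reason": reason}


def build_jar(main: Optional[str], entries=()) -> bytes:
    """Construct a minimal JAR in memory for the demo (manifest plus empty entries)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        lines = ["Manifest-Version: 1.0"]
        if main:
            lines.append(f"Main-Class: {main}")
        zf.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines) + "\r\n")
        for name in entries:
            zf.writestr(name, b"")
    return buf.getvalue()


def demo() -> dict:
    """Run triage over three constructed samples and return the verdicts by name."""
    samples = {
        # Constructed lure: runnable JAR with a Flash-installer style name.
        "AdobeFlashPlayer.jar": build_jar("Installer", ["Installer.class"]),
        # Constructed library JAR: no Main-Class, so not directly runnable.
        "mylib.jar": build_jar(None, ["com/example/Util.class"]),
        # Constructed non-JAR: a few bytes that start with the PE 'MZ' marker.
        "install_flash_player.exe": b"MZ" + b"\x00" * 62,
    }
    return {name: triage(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for verdict in demo().values():
        print(verdict)
```

The name heuristic is deliberately weak and is only a triage signal; the durable controls are not letting users launch JARs from downloads at all (or restricting `javaw.exe`/`java` to approved archives) and checking code signatures on anything that presents itself as a vendor installer.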

The malware has been developed for several operating systems, and last month a Mac version was isolated.

The malware has a long history: one of the oldest versions was detected during the Arab Spring, when it was spread to spy on journalists, and it has also been adopted by criminal groups intent on stealing banking credentials.

Lysa Myers from Intego's Mac Security Blog clarified that the malware can infect a virtual machine only after it is already running on an infected host. There is no way to infect a virtual machine's image from outside without first compromising the PC that stores it.

This characteristic makes the trojan harder to detect, especially when there are no security protections running inside the virtualized environment itself.

Malware that is able to infect such different environments as Mac, Windows, virtual machines and Windows Mobile represents an innovation in the way it spreads to its targets. We must not underestimate it!

Tags: Crisis Malware, malware, Virtual Machine, VM
Paul Anderson

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the top of the page.

© 2022 ZeroSecurity, All Rights Reserved.