Crisis is the name of a cross-platform malware that is attacking more operating systems than expected. Here’s how it works and how to recognize it.
In the black book of viruses, malware, and cyber threats, the name “Crisis” doesn’t sound new: it’s a malware discovered some time ago, intent on undermining Mac defenses.
However, we learn today that Crisis has “evolved” and become more insidious than anticipated: the malware has indeed become cross-platform.
This means it can infect multiple operating systems indiscriminately, starting with Mac OS X, then moving on to Windows Mobile, and even virtual machines.
A formidable mutation, therefore, especially considering that some of the objectives pursued by its creators are not yet clear and its code is rather complex.
The entry method of the malware has been ascertained: Crisis offers its download disguised as an update for the Adobe Flash Player plugin.
At this point, the installation begins, which in reality doesn’t concern Flash, but rather the component that “activates” Crisis.
Once activated, the malware’s first step is to scan email, record everything typed on the PC or smartphone, and naturally save the user’s browsing history.
Not only that: inside Crisis, an autorun.inf file has been discovered that also infects all devices connected via USB port to an already compromised device. This way, its spread begins to become truly rapid and entirely unwitting.
What is most curious about this virus’s behavior is its operation on virtual machines: in this case, Crisis can act even when the system is not running. It only targets files, via VMWare Fusion, and therefore in this case, there’s no need to execute anything.
Crisis currently represents a concrete threat and should not be underestimated, but it is certainly still contained, as far as we know at the moment.
Be the first to comment