Multiplatform spy works its way to smartphones and VMs


At the end of July, virus researchers discovered a Trojan called Crisis (also known as Morcut) that spies on users of Windows and Mac OS X in a variety of ways. The malware installs a backdoor and then hides itself on the system using rootkit functions. Crisis comes with extensive espionage functions, including listening in on Skype calls, intercepting keystrokes and tapping the webcam.

The antivirus company Symantec has now found that the malware has a few more interesting tricks up its sleeve on Windows: Crisis is said to search for VMware images and infect them with a copy of itself. In addition, the Trojan is said to install modules on devices running Windows Mobile, the precursor to Microsoft's current smartphone platform Windows Phone, via the so-called Remote Application Programming Interface (RAPI). Exactly what the modules can do there is not yet clear; they have not yet found their way into Symantec's virus lab.

The malware was apparently spread through social engineering using the Java file AdobeFlashPlayer.jar, which was signed with a self-signed VeriSign certificate. If the user runs the file and ignores the error caused by the self-signed certificate, a payload for either Windows or Mac OS X is executed, depending on the kind of system on which the file was started.

It is notable that the spying program has so far not been spotted in the wild by any of the major antivirus vendors. The samples were uploaded to the antivirus service VirusTotal, which passed them on to the virus labs. The low prevalence suggests that the spy was used only for specific operations, similar to the commercial modular FinSpy (FinFisher) Trojan. According to Dr. Web, the recent find is the Remote Control System, also known as Da Vinci, from the Italian company Hacking Team.

The manufacturer advertises its espionage tool as a "hacking suite for government surveillance" and promises in the product brochure (PDF), among other things, that it is able to wiretap Skype calls. In addition to Windows and Mac OS X, Da Vinci is also said to support iOS, Android, BlackBerry, Symbian and Linux. Enlarging the screenshots included in the brochure shows that Da Vinci can apparently also spy on the whereabouts of the persons being monitored.
