Symantec found new Mac malware


This malware can spread to four different environments: Mac, Windows, virtual machines and Windows Mobile. It is an advanced threat, not just because of how it functions but because of its ability to spread.

OSX.Crisis can spread in three different ways: by copying itself and a file named autorun.inf to a removable disk drive, by getting into a VMware virtual machine, and by putting modules on a device running Windows Mobile.

In virtual environments, this malware looks for a VMware virtual machine image on the infected computer. If it finds one, it mounts the image and copies itself onto it using a VMware Player tool. This threat does not use a vulnerability in the VMware software. Instead, it takes advantage of an attribute of all virtualization software: the virtual machine is simply a file or set of files on the disk of the host machine. These files can usually be handled or mounted directly, even when the virtual machine is not running, as in the case described above.
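Because a powered-off virtual machine is only a set of files on the host, a defender can baseline those files and flag any that change while the machine is not running. The following is an added example, not code from Symantec or from this article; the function names, the list of VMware file extensions and the use of `.lck` entries as a sign that a VM is powered on are assumptions of the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: typical VMware disk, config, snapshot-metadata and NVRAM files.
VM_SUFFIXES = {".vmdk", ".vmx", ".vmsd", ".nvram"}

def sha256_file(path, chunk=1 << 20):
    """Stream the file so multi-gigabyte disk images do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def is_running(vm_dir):
    """Assumption: a '.lck' entry in the VM directory means it is powered on."""
    return any(entry.name.endswith(".lck") for entry in vm_dir.iterdir())

def snapshot(root):
    """Hash VM files under root, skipping VMs that are currently powered on
    (their disks change legitimately while the guest runs)."""
    result = {}
    for path in sorted(Path(root).rglob("*")):
        if (path.is_file() and path.suffix.lower() in VM_SUFFIXES
                and not is_running(path.parent)):
            result[str(path)] = sha256_file(path)
    return result

def changed_offline(baseline, current):
    """Files present in both snapshots whose contents differ."""
    return sorted(p for p, h in current.items()
                  if p in baseline and baseline[p] != h)

def demo():
    """Constructed sample: one fake VM whose disk is modified while off."""
    with tempfile.TemporaryDirectory() as root:
        vm = Path(root) / "win7"
        vm.mkdir()
        (vm / "win7.vmdk").write_bytes(b"constructed disk contents")
        (vm / "win7.vmx").write_text("constructed config")
        baseline = snapshot(root)
        # Simulate a host-side write to the image of a powered-off VM.
        (vm / "win7.vmdk").write_bytes(b"constructed disk contents, altered")
        return [Path(p).name for p in changed_offline(baseline, snapshot(root))]

if __name__ == "__main__":
    print(demo())
```

A VM that was started and shut down between the two snapshots will also show as changed, so the baseline should be refreshed after each legitimate session.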

This may be the first malware that spreads into a virtual machine. Many threats, to avoid being analyzed, terminate when they find a virtual machine monitoring application such as VMware. Thus, this may be the next step for malware authors.
