After being in oblivion for a while, the Xpiro family of file infectors is back with a bang—and this time with some notorious capabilities. Not only does the new variant infect 32-bit files, it also has broadened its scope of infection to 64-bit files. The infections are cross-platform (a 32-bit Xpiro variant can infect a 64-bit executable file, and vice versa) and persistent in nature. Additionally, this virus has also enhanced its information stealing capabilities by adding Firefox and Chrome extensions to monitor browser sessions.
Cross-infection and persistence
While we have seen cross-infectors in the past, Xpiro is the first widespread family of infectors which implements this feature. This new variant can infect executable files from the following architectures:
- Intel 386 (32-bit)
- Intel 64 (64-bit)*
- AMD64 (64-bit)
The creators of Xpiro are looking to infect a...