A new multi-platform malware managed to fly under the radar of Linux and macOS detection systems.
A team of researchers at Intezer claim to have identified a multi-platform backdoor targeting major operating systems.
Dubbed ‘SysJoker,’ the backdoor was discovered in the wild, attacking a Linux-based server of a leading educational institution. A further investigation showed that the SysJoker attack started sometime in the second half of 2021.
According to the report, SysJoker disguises itself as a system update and generates its command and control (C2) infrastructure ‘by decoding a string retrieved from a text file hosted on Google Drive.’
Based on the selection of targets, malware operators are thought to be after a specific set of institutions.
Under the radar
Researchers found that the malware is written in C++, with each sample tailored to the specific OS it targets.
Worryingly, the macOS and Linux samples are fully undetected in VirusTotal, an online malware scanning site that aggregates results from many antivirus engines.
The SysJoker backdoor allows threat actors to execute follow-on code and additional commands that can penetrate corporate networks.
Backdoors are sought after in the cyber underworld. Initial access brokers sell their services to ransomware groups within the cybercrime ecosystem.
A backdoor can serve as a tool to gather intelligence on an organization as well as a way to deploy extortion malware.
“Based on the malware’s capabilities, we assess that the goal of the attack is espionage together with lateral movement which might also lead to a Ransomware attack as one of the next stages,” the report’s authors claim.
Intezer advises organizations to scan their machines and provides a guide on detection and response.