Novel SysJoker backdoor malware targets Windows, macOS, and Linux

A new multi-platform malware managed to fly under the radar of Linux and macOS detection systems.

A team of researchers at Intezer claim to have identified a multi-platform backdoor targeting major operating systems.

Dubbed ‘SysJoker,’ the backdoor was discovered in the wild, attacking a Linux-based server of a leading educational institution. A further investigation showed that the SysJoker attack started sometime in the second half of 2021.

According to the report, SysJoker disguises itself as a system update and builds its command and control (C2) address at runtime ‘by decoding a string retrieved from a text file hosted on Google Drive,’ so the C2 location is never hard-coded in the binary and can be changed by the operators without redeploying the malware.
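The dead-drop resolution step described above, as an added example that is not the page's or Intezer's code and not SysJoker's actual implementation: the hosted file body is a constructed stand-in, the encoding (base64) and the host:port format are assumptions, and the fetch is injected as a callable so an analyst can replay a captured file body offline instead of touching the real drop.

```python
import base64
import re
from typing import Callable, Optional, Tuple

# Constructed stand-in for the body of the hosted text file. The real file
# contents are not on this page; base64 is an assumption for this example.
HOSTED_FILE_BODY = base64.b64encode(b"c2.example.test:443").decode()

# Constructed negative cases for triage: garbage and an out-of-range port.
BROKEN_BODY = "not base64!!"
BAD_PORT_BODY = base64.b64encode(b"x.test:99999").decode()

_HOSTPORT = re.compile(r"^(?P<host>[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?$")


def decode_dead_drop(body: str) -> Optional[Tuple[str, int]]:
    """Decode a dead-drop file body into a (host, port) C2 endpoint.

    Assumes the hosted string is base64 text of the form host[:port]
    (default port 443). Returns None for anything that does not decode to a
    sane endpoint, so a defanged, deleted or replaced file yields no target.
    """
    try:
        raw = base64.b64decode(body.strip(), validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    m = _HOSTPORT.match(raw.strip())
    if not m:
        return None
    port = int(m.group("port") or 443)
    if not 0 < port < 65536:
        return None
    return m.group("host"), port


def resolve_c2(fetch: Callable[[], str]) -> Optional[Tuple[str, int]]:
    """Resolve the C2 through an injected fetcher.

    In a real implant `fetch` would download the hosted text file; during
    incident response it is replaced with a function returning a captured
    copy of the file, so the resolution logic can be replayed offline.
    """
    try:
        body = fetch()
    except Exception:
        # Drop unreachable or removed: the implant has no C2 to talk to.
        return None
    return decode_dead_drop(body)


if __name__ == "__main__":
    # Offline replay against the constructed file body.
    print(resolve_c2(lambda: HOSTED_FILE_BODY))
```

The practical point for defenders is the last function: because the C2 lives in a third-party file rather than the binary, blocking the decoded host is not enough; the operators only need to edit the hosted file, so the drop location itself is the durable indicator to monitor.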

Based on the selection of targets, malware operators are thought to be after a specific set of institutions.

Under the radar

Researchers found that the malware is written in C++, with each sample tailored to the specific OS it targets.

Worryingly, the macOS and Linux samples were fully undetected on VirusTotal, an online scanning service that aggregates results from many antivirus engines.

The SysJoker backdoor allows threat actors to execute follow-on code and additional commands on the compromised host, which can then be used as a foothold into the wider corporate network.

Backdoors are sought after in the cyber underworld: initial access brokers sell such footholds to ransomware groups within the cybercrime ecosystem.

A backdoor can serve as a tool to gather intelligence on an organization as well as a way to deploy extortion malware.

“Based on the malware’s capabilities, we assess that the goal of the attack is espionage together with lateral movement which might also lead to a Ransomware attack as one of the next stages,” the report’s authors claim.

Intezer advises organizations to scan their machines and provides a guide on detection and response.
