‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS
Dubbed SysJoker by Intezer, the backdoor is used for establishing initial access on a target machine.
A possible attack vector for SysJoker is an infected npm package, according to Intezer's analysis - an increasingly popular vector for dropping malware on targets.
To establish a connection with the C2, SysJoker first decodes a hardcoded Google Drive link using a hardcoded XOR key, researchers observed.
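The decoding step described above, as an added example for analysts (not the article's or Intezer's code, and not SysJoker's actual key or link): a small triage helper that XOR-decodes an embedded blob with a repeating key, validates that the result really is a URL so a wrong key fails loudly, and recovers a short repeating key from the known `https://` prefix. The key and the Google Drive style link are constructed placeholders.

```python
from itertools import cycle
from urllib.parse import urlparse


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR `data` against a repeating `key` (the obfuscation the article describes)."""
    if not key:
        raise ValueError("key must be non-empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


# Constructed fixture (NOT SysJoker's real key or URL): a placeholder
# Google Drive style link obfuscated with a made-up 3-byte key.
SAMPLE_KEY = b"\x5a\xc3\x17"
PLACEHOLDER_URL = b"https://drive.google.com/uc?export=download&id=PLACEHOLDER_ID"
ENCODED_BLOB = xor_bytes(PLACEHOLDER_URL, SAMPLE_KEY)


def decode_c2_url(blob: bytes, key: bytes) -> str:
    """Decode an XOR-obfuscated blob and check the result is an http(s) URL,
    so a wrong key or wrong offset raises instead of yielding garbage."""
    decoded = xor_bytes(blob, key).decode("ascii", errors="replace")
    parsed = urlparse(decoded)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError("decoded bytes are not a URL: wrong key or blob")
    return decoded


def recover_key(blob: bytes, known_prefix: bytes = b"https://") -> bytes:
    """Known-plaintext recovery of a short repeating XOR key: every URL starts
    with the same scheme, so XOR-ing the blob head with that prefix yields the
    key stream; the shortest period of that stream is the key."""
    stream = xor_bytes(blob[: len(known_prefix)], known_prefix)
    for key_len in range(1, len(known_prefix) // 2 + 1):
        candidate = stream[:key_len]
        if all(stream[i] == candidate[i % key_len] for i in range(len(stream))):
            return candidate
    raise ValueError("no short repeating key consistent with the known prefix")


if __name__ == "__main__":
    key = recover_key(ENCODED_BLOB)
    print("recovered key:", key.hex())
    print("decoded URL  :", decode_c2_url(ENCODED_BLOB, key))
```

The URL check matters more than the XOR itself: a decoded string that does not parse as an http(s) URL means the key, offset or blob boundary is wrong, and the recovered link is what a defender turns into a block rule or a hunting indicator rather than something to fetch.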
SysJoker can receive various commands, including "Exe," "Cmd," "Remove reg" and "Exit" - only two of which were enabled at the time of Intezer's analysis.
"SysJoker will receive a URL to a .ZIP file, a directory for the path the file should be dropped to and a filename that the malware should use on the extracted executable," according to Intezer.
To remediate, kill the processes related to SysJoker, delete the relevant persistence mechanism and remove all files related to SysJoker.
News URL
https://threatpost.com/undetected-sysjoker-backdoor-malwarewindows-linux-macos/177532/