Security News > 2022 > January > ‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS
Dubbed SysJoker by Intezer, the backdoor is used for establishing initial access on a target machine.
A possible attack vector for SysJoker is an infected npm package, according to Intezer's analysis - an increasingly popular vector for dropping malware on targets.
To establish a connection with the C2, SysJoker first decodes a hardcoded Google Drive link using a hardcoded XOR key, researchers observed.
SysJoker can receive various commands, including "Exe," "Cmd," "Remove reg" and "Exit" - only two of which were enabled at the time of Intezer's analysis.
"SysJoker will receive a URL to a.ZIP file, a directory for the path the file should be dropped to and a filename that the malware should use on the extracted executable," according to Intezer.
Kill the processes related to SysJoker, delete the relevant persistence mechanism and all files related to SysJoker.
News URL
https://threatpost.com/undetected-sysjoker-backdoor-malwarewindows-linux-macos/177532/
Related news
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- XCSSET macOS malware returns with first new version since 2022 (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- The XCSSET info-stealing malware is back, targeting macOS users and devs (source)
- New FrigidStealer Malware Targets macOS Users via Fake Browser Updates (source)