Security News, January 2022: ‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS

Dubbed SysJoker by Intezer, the backdoor is used for establishing initial access on a target machine.
According to Intezer's analysis, one possible attack vector for SysJoker is an infected npm package, an increasingly popular way of dropping malware on targets.
To establish a connection with the C2, SysJoker first decodes a hardcoded Google Drive link using a hardcoded XOR key, researchers observed.
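The XOR step is simple enough to reproduce for analysis. The block below is an added example, not SysJoker's or Intezer's code: it decodes an XOR-obfuscated Google Drive link with a known key, and also shows the known-plaintext trick an analyst uses before the key has been located in the binary, since every Drive link starts with the same prefix, XORing the encoded bytes against that prefix yields the key and reveals its period. The key, the Drive file ID and the resulting blob are constructed for the example and are not real indicators.

```python
# Added example (not SysJoker's or Intezer's code): decoding an XOR-obfuscated
# C2 link and recovering the key from known plaintext. KEY, SAMPLE_URL and the
# derived ENCODED_LINK are constructed for this example, not real indicators.
from itertools import cycle
from typing import Optional

# Assumed 8-byte repeating key with distinct bytes; a real sample hardcodes its own.
KEY = b"s7Jk#4Qz"
# Constructed Google Drive download link; the file ID is not a real one.
SAMPLE_URL = "https://drive.google.com/uc?export=download&id=EXAMPLE_FILE_ID"
# Known plaintext prefix shared by every Google Drive link.
DRIVE_PREFIX = b"https://drive.google.com/"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key; the same call encodes and decodes."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


# In a real analysis this blob is carved out of the binary; it is generated
# here so the example runs offline.
ENCODED_LINK = xor_bytes(SAMPLE_URL.encode("ascii"), KEY)


def decode_link(blob: bytes, key: bytes) -> str:
    """Recover the plaintext link from the obfuscated blob with a known key."""
    return xor_bytes(blob, key).decode("ascii")


def guess_key_length(blob: bytes, known_prefix: bytes) -> Optional[int]:
    """Find the shortest key period consistent with a known plaintext prefix.

    For each candidate length n, derive a key from the first n bytes and check
    that it reproduces the whole known prefix. Only periods shorter than the
    prefix can be confirmed this way; otherwise return None.
    """
    for n in range(1, len(known_prefix)):
        candidate = xor_bytes(blob[:n], known_prefix[:n])
        if xor_bytes(blob[:len(known_prefix)], candidate) == known_prefix:
            return n
    return None


def recover_key(blob: bytes, known_prefix: bytes, key_len: int) -> bytes:
    """Known-plaintext key recovery: blob XOR plaintext == key, over one period."""
    if key_len > len(known_prefix):
        raise ValueError("known prefix too short to cover one key period")
    return xor_bytes(blob[:key_len], known_prefix[:key_len])


def extract_link(blob: bytes, known_prefix: bytes = DRIVE_PREFIX) -> Optional[str]:
    """End to end: guess the period, recover the key, decode the link.

    Returns None when the prefix does not fit (wrong plaintext guess, or a key
    longer than the known prefix) or the decoded bytes are not ASCII.
    """
    n = guess_key_length(blob, known_prefix)
    if n is None:
        return None
    key = recover_key(blob, known_prefix, n)
    try:
        return decode_link(blob, key)
    except UnicodeDecodeError:
        return None


if __name__ == "__main__":
    print("key period:", guess_key_length(ENCODED_LINK, DRIVE_PREFIX))
    print("recovered key:", recover_key(ENCODED_LINK, DRIVE_PREFIX, 8))
    print("decoded link:", extract_link(ENCODED_LINK))
```

The period check matters in practice: a prefix of only "https://" (8 bytes) cannot confirm an 8-byte key, so `guess_key_length` returns None rather than a wrong answer, and the analyst has to locate the key in the binary or supply a longer known plaintext.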
SysJoker can receive various commands, including "Exe," "Cmd," "Remove reg" and "Exit"; only two of them ("Exe" and "Cmd") were implemented at the time of Intezer's analysis.
"SysJoker will receive a URL to a .ZIP file, a directory for the path the file should be dropped to and a filename that the malware should use on the extracted executable," according to Intezer.
To remediate an infection, kill the SysJoker processes, remove its persistence mechanism and delete all files related to SysJoker.
News URL
https://threatpost.com/undetected-sysjoker-backdoor-malwarewindows-linux-macos/177532/
Related news
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
- LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile
- Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
- XCSSET macOS malware returns with first new version since 2022
- Microsoft spots XCSSET macOS malware variant used for crypto theft
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
- The XCSSET info-stealing malware is back, targeting macOS users and devs
- New FrigidStealer Malware Targets macOS Users via Fake Browser Updates
- New Auto-Color Linux backdoor targets North American govts, universities
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems