‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS
Dubbed SysJoker by Intezer, the backdoor is used for establishing initial access on a target machine.
A possible attack vector for SysJoker is an infected npm package, according to Intezer's analysis - an increasingly popular vector for dropping malware on targets.
To establish a connection with the C2, SysJoker first decodes a hardcoded Google Drive link using a hardcoded XOR key, researchers observed.
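As an added example (not code from Intezer, Threatpost or the malware itself): an analyst who has carved the XOR-encoded blob out of a sample can recover a short repeating key from the predictable prefix of a Google Drive URL and then decode the C2 link, without first reversing the decode routine. The key, blob and URL below are constructed for illustration, not real indicators.

```python
"""Known-plaintext recovery of a repeating XOR key (added analyst example)."""
from itertools import cycle
from typing import Optional

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same function encodes and decodes."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_key(blob: bytes, crib: bytes, key_len: int) -> Optional[bytes]:
    """Slide the crib (expected plaintext) over the blob. At the true offset,
    blob XOR crib is the key stream, which repeats with period key_len."""
    if len(crib) < key_len:
        raise ValueError("crib must be at least as long as the key")
    for off in range(len(blob) - len(crib) + 1):
        stream = bytes(b ^ c for b, c in zip(blob[off:], crib))
        if all(stream[i] == stream[i % key_len] for i in range(len(stream))):
            rot = off % key_len                     # align key to blob[0]
            s = stream[:key_len]
            key = s[-rot:] + s[:-rot] if rot else s
            if crib in xor_bytes(blob, key):      # confirm on the full decode
                return key
    return None

# --- constructed sample data (not from the real SysJoker binary) ---
KEY = b"k3y!"
PLAINTEXT = b"\x01\x02https://drive.google.com/uc?id=PLACEHOLDER_ID"
BLOB = xor_bytes(PLAINTEXT, KEY)   # stands in for bytes carved from a sample
CRIB = b"https://drive.google.com"

def decode_c2(blob: bytes = BLOB, crib: bytes = CRIB, key_len: int = 4) -> Optional[bytes]:
    """Recover the key and return the decoded blob, or None if no crib hit."""
    key = recover_key(blob, crib, key_len)
    return xor_bytes(blob, key) if key else None

if __name__ == "__main__":
    print(recover_key(BLOB, CRIB, 4), decode_c2())
```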
SysJoker can receive various commands, including "Exe," "Cmd," "Remove reg" and "Exit" - only two of which were enabled at the time of Intezer's analysis.
"SysJoker will receive a URL to a .ZIP file, a directory for the path the file should be dropped to and a filename that the malware should use on the extracted executable," according to Intezer.
To remediate an infection: kill the processes related to SysJoker, delete the relevant persistence mechanism and all files related to SysJoker.
News URL
https://threatpost.com/undetected-sysjoker-backdoor-malwarewindows-linux-macos/177532/