New SysJoker backdoor targets Windows, macOS, and Linux
A new multi-platform backdoor malware named 'SysJoker' has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems.
The discovery of the new malware comes from researchers at Intezer who first saw signs of its activity in December 2021 after investigating an attack on a Linux-based web server.
The malware is written in C++, and while each variant is tailored for the targeted operating system, they are all undetected on VirusTotal, an online malware scanning site that uses 57 different antivirus detection engines.
Execute the payload. The malware then sleeps for up to two minutes before creating a new directory and copying itself there, masquerading as an Intel Graphics Common User Interface Service.
After gathering system and network data, the malware will create persistence by adding a new registry key.
From there, the C2 may instruct the backdoor to install additional malware, run commands on the infected device, or command the backdoor to remove itself from the device.