Security News > 2022 > January > New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users
A new cross-platform backdoor called "SysJoker" has been observed targeting machines running Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that's believed to have been initiated during the second half of 2021.
"SysJoker masquerades as a system update and generates its by decoding a string retrieved from a text file hosted on Google Drive," Intezer researchers Avigayil Mechtinger, Ryan Robinson, and Nicole Fishbein noted in a technical write-up publicizing their findings.
"Based on victimology and malware's behavior, we assess that SysJoker is after specific targets."
The Israeli cybersecurity company, attributing the work to an advanced threat actor, said it first discovered evidence of the implant in December 2021 during an active attack against a Linux-based web server belonging to an unnamed educational institution.
A C++-based malware, SysJoker is delivered via a dropper file from a remote server that, upon execution, is engineered to gather information about the compromised host, such as MAC address, user name, physical media serial number, and IP address, all of which are encoded and transmitted back to the server.
What's more, connections to the attacker-controlled server are established by extracting the domain's URL from a hard-coded Google Drive link that hosts a text file, enabling the server to relay instructions to the machine that allow the malware to run arbitrary commands and executables, following which the results are beamed back.
News URL
https://thehackernews.com/2022/01/new-sysjoker-espionage-malware.html
Related news
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)
- Russian Espionage Group Targets Ukrainian Military with Malware via Telegram (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- New RustyAttr Malware Targets macOS Through Extended Attribute Abuse (source)