CySecurity News – Latest Information Security and Hacking Incidents
A new multi-platform backdoor malware known as ‘SysJoker’ has been discovered in the wild, targeting Windows, Linux, and macOS and capable of evading detection on all three platforms. SysJoker was identified during an active attack on a renowned educational institution’s Linux-based web server.
Researchers discovered that SysJoker also has Mach-O and Windows PE versions after further examination. They believe that the SysJoker attack began in the second half of 2021, based on C2 domain registration and samples detected in VirusTotal.
SysJoker disguises itself as a system update and creates its C2 by decoding a string from a text file housed on Google Drive. The C2 changed three times during Intezer’s analysis, showing that the attacker was active and monitoring for affected machines.
Intezer believes SysJoker is targeting certain targets based on victimology and malware behavior. SysJoker was submitted to VirusTotal with the TypeScript file extension .ts. An infected npm package could be used as an attack vector for this malware.
The malware is written in C++, and while each variant is customized for the targeted operating system, they all go undetected by VirusTotal, a malware scanning website that employs 57 different antivirus detection engines. On Windows, SysJoker deploys a first-stage dropper in the form of a DLL that uses PowerShell commands to perform tasks such as fetching the SysJoker ZIP from a GitHu
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: