Linux and macOS samples of SysJoker malware were found to be fully undetected on VirusTotal.
The IT security researchers at Israel-based cybersecurity firm Intezer have identified a novel multi-platform backdoor malware that’s targeting all mainstream operating systems, including Windows, macOS, and Linux.
Researchers believe it could be the work of an advanced threat actor. Intezer claims that the first evidence of this malware, dubbed SysJoker, was discovered in December 2021 in an attack against a Linux-based web server of an unidentified, well-known educational institution.
SysJoker Technical Analysis
In their report, Intezer researchers Ryan Robinson, Avigayil Mechtinger, and Nicole Fishbein wrote that SysJoker disguises itself as a system update and establishes its C2 server by decoding “a string retrieved from a text file hosted on Google Drive.”
Based on the victimology and the malware’s behavior, the researchers assess that SysJoker is aimed at specific targets. Further investigation revealed that the attacks involving SysJoker started in mid-2021.
The malware is written in C++, and each sample is designed to target a specific operating system. The backdoor establishes initial access on the targeted device, and after getting installed, it executes follow-on