• The new “SysJoker” backdoor. MacOS, Linux, Windows are vulnerable

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » The new “SysJoker” backdoor. MacOS, Linux, Windows are vulnerable

    • This topic has 4 replies, 3 voices, and was last updated 4 months ago.
    Author
    Topic
    #2418552

    New SysJoker Backdoor Targets Windows, Linux, and macOS

    ..In December 2021, we discovered a new multi-platform backdoor that targets Windows, Mac, and Linux. The Linux and Mac versions are fully undetected in VirusTotal. We named this backdoor SysJoker.

    SysJoker was first discovered during an active attack on a Linux-based web server of a leading educational institution. After further investigation, we found that SysJoker also has Mach-O and Windows PE versions. Based on Command and Control (C2) domain registration and samples found in VirusTotal, we estimate that the SysJoker attack was initiated during the second half of 2021.

    SysJoker masquerades as a system update and generates its C2 by decoding a string retrieved from a text file hosted on Google Drive. During our analysis the C2 changed three times, indicating the attacker is active and monitoring for infected machines. Based on victimology and malware’s behavior, we assess that SysJoker is after specific targets…

    ..The malware is written in C++ and each sample is tailored for the specific operating system it targets. Both the macOS and Linux samples are fully undetected in VirusTotal..

    2 users thanked author for this post.
    Viewing 0 reply threads
    Author
    Replies
    • #2418560

      Fully undetected?

      13 vendors identify it according to this 3 day old article40 today.

      cheers, Paul

      2 users thanked author for this post.
      • #2418588

        Is that .dll from the Linux or Mac version?

        Windows 10 Pro version 21H2 build 19044.1682 + Microsoft 365 (group ASAP)

      • #2418618

        Not according to this Virustotal test from Jan. 11

        • #2419393

          SysJoker run now natively on M1 Macs.

          We may still be waiting for some developers to update their apps to run natively on M1 Macs, but the developer of SysJoker Mac malware is already on the case.

          Security researcher Patrick Wardle points to what he says is the first Mac malware of 2022, and it runs on both Intel and M1 Macs. SysJoker can be controlled remotely by an attacker, allowing it to be used in many different ways …..

    Viewing 0 reply threads
    Reply To: The new “SysJoker” backdoor. MacOS, Linux, Windows are vulnerable

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.