Friday, May 20, 2022

New SysJoker Espionage Malware Targeting Windows, macOS, and Linux Users

A new cross-platform backdoor called "SysJoker" has been observed targeting machines running the Windows, Linux, and macOS operating systems as part of an ongoing espionage campaign that is believed to have begun during the second half of 2021.

"SysJoker masquerades as a system update and generates its [command-and-control server] by decoding a string retrieved from a text file hosted on Google Drive," Intezer researchers Avigayil Mechtinger, Ryan Robinson, and Nicole Fishbein noted in a technical write-up publicizing their findings. "Based on victimology and malware's behavior, we assess that SysJoker is after specific targets."


The Israeli cybersecurity firm, attributing the work to an advanced threat actor, said it first discovered evidence of the implant in December 2021 during an active attack against a Linux-based web server belonging to an unnamed educational institution.

Written in C++, SysJoker is delivered via a dropper file fetched from a remote server. Upon execution it gathers details about the compromised host, such as the MAC address, user name, physical media serial number, and IP address, all of which are encoded and transmitted back to the server.


What's more, connections to the attacker-controlled server are established by extracting the command-and-control domain from a text file ("domain.txt") hosted at a hard-coded Google Drive link. Once the domain is resolved, the server can relay instructions to the machine that let the malware run arbitrary commands and executables, after which the results are sent back. Because the domain lives in the Drive file rather than in the binary, the operator can rotate infrastructure without redeploying the implant, and static analysis of the sample alone will not reveal the live C2 address.
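The dead-drop pattern described above (a fetch from a public file-hosting service followed shortly by a connection to a domain the environment has never spoken to) is something a defender can hunt for in proxy logs without knowing how the string in the Drive file is encoded. The following is an added detection example written for this article; it is not Intezer's tooling or SysJoker's code. The log format (ISO timestamp, source host, destination domain, path), the sample log lines, the baseline of known domains, and the five-minute window are all constructed assumptions for this illustration.

```python
"""
Dead-drop resolver hunt over proxy logs.

Flags hosts that fetch from a Google Drive endpoint and then, within a short
window, contact a domain absent from a baseline of known destinations. This
is illustrative detection logic written for this article, not code from the
SysJoker sample or from Intezer. Log format, sample lines, baseline domains
and the time window are all constructed assumptions.
"""
from datetime import datetime, timedelta

# Constructed sample proxy log: "<ISO timestamp> <src_host> <dst_domain> <path>".
# web-srv-01 mimics the described behaviour: Drive fetch, then a new domain.
SAMPLE_LOG = """\
2021-12-10T09:00:01 web-srv-01 drive.google.com /uc?export=download&id=EXAMPLE
2021-12-10T09:00:04 web-srv-01 update-service.example /api/attach
2021-12-10T09:05:00 web-srv-01 packages.ubuntu.example /pool/main
2021-12-10T10:00:00 dev-ws-07 drive.google.com /file/d/EXAMPLE/view
2021-12-10T10:30:00 dev-ws-07 github.example /org/repo
2021-12-10T11:00:00 dev-ws-08 update-service.example /api/attach
"""

# Constructed baseline: destinations the environment is already known to use.
BASELINE_DOMAINS = {"packages.ubuntu.example", "github.example", "drive.google.com"}

# Hosts that can serve as a dead-drop resolver (assumed list for the example).
DEAD_DROP_HOSTS = {"drive.google.com", "docs.google.com"}

# How soon after the dead-drop fetch a follow-up connection counts as related.
WINDOW = timedelta(minutes=5)


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, path)."""
    ts, src, dst, path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), src, dst, path


def find_dead_drop_followups(log_text, baseline, window=WINDOW):
    """Return (src, dead_drop_time, new_domain, contact_time) for every host
    that reached a dead-drop host and then, within `window`, contacted a
    domain that is not in `baseline`.

    dev-ws-07 in the sample is a benign counterexample: its follow-up is both
    a baseline domain and outside the window, so it is not reported.
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    last_dead_drop = {}  # src host -> timestamp of its most recent Drive fetch
    hits = []
    for ts, src, dst, path in events:
        if dst in DEAD_DROP_HOSTS:
            last_dead_drop[src] = ts
            continue
        fetched_at = last_dead_drop.get(src)
        if fetched_at is not None and ts - fetched_at <= window and dst not in baseline:
            hits.append((src, fetched_at, dst, ts))
    return hits


if __name__ == "__main__":
    for src, fetched_at, dst, ts in find_dead_drop_followups(SAMPLE_LOG, BASELINE_DOMAINS):
        print(f"{src}: Drive fetch at {fetched_at.time()} then new domain {dst} at {ts.time()}")
```

Running the block prints one hit for web-srv-01; the developer workstation that opened a Drive file and later visited a known domain is not flagged. In a real deployment the baseline would come from historical proxy data rather than a hard-coded set, and the dead-drop host list should include whichever public file-hosting services the environment permits.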

"The fact that the code was written from scratch and hasn't been seen before in other attacks [and] we've never witnessed a second stage or command sent from the attacker […] suggests that the attack is specific which usually fits for an advanced actor," the researchers said.
