Malware targeting multiple operating systems is no longer an exception in the malware threat landscape. Vermilion Strike, which was documented just last September, is among the most recent examples.

In December 2021, we discovered a new multi-platform backdoor that targets Windows, Mac, and Linux. The Linux and Mac versions are fully undetected in VirusTotal.

SysJoker was first discovered during an active attack on a Linux-based web server of a leading educational institution. After further investigation, we found that SysJoker also has Mach-O and Windows PE versions.

Based on Command and Control (C2) domain registration and samples found in VirusTotal, we estimate that the SysJoker attack was initiated during the second half of 2021.

SysJoker masquerades as a system update and generates its C2 by decoding a string retrieved from a text file hosted on Google Drive. During our analysis the C2 changed three times, indicating the attacker is active and monitoring for infected machines. Based on victimology and the malware's behavior, we assess that SysJoker is after specific targets.

SysJoker was uploaded to VirusTotal with the suffix. The malware is written in C++ and each sample is tailored for the specific operating system it targets. A possible attack vector for this malware is via an infected npm package. Both the macOS and Linux samples are fully undetected in VirusTotal.

Below we provide a technical analysis of this malware together with IoCs and detection and response mitigations.