SYSJOKER. Security experts have identified a new malware dubbed SysJoker that installs a backdoor on computers running Windows, macOS, and Linux. And which has not yet been detected by any antivirus…
The news is cause for concern. The security experts ofInteract, a New York company specializing in computer security, recently discovered malware with disturbing properties. This malicious software, which they baptized SysJoker, first of all has the particularity of being multi-platform: it indeed attacks both Windows computers, the most numerous, as well as macOS and Linux. Simply put, it works with all major operating systems. Then, and above all, it is practically undetectable with conventional tools. As Intezer researchers explain in their publication, SysJoker was reported by only 6 of the approximately 70 modules of VirusTotal, a website that scans suspicious files for free using powerful antivirus engines.
To put it another way, SysJoker slips through the cracks of practically all current protection solutions… It was only discovered quite late, and almost by chance, during the analysis of a server. Web Linux from a “leading educational institution”. According to experts, it enters computers by posing as a system update, via a cross-platform package manager (npm), or a shared library (DLL) for Windows that allows it to launch commands PowerShell. Sophisticated and daring techniques, which prove that its creators are not novices.
SysJoker: an undetectable malware with an as yet unknown purpose
SysJoker is not only terribly discreet: it is also very mysterious. Because it is obviously only at the beginning of its misdeeds. For the time being, it is content to install a backdoor (a back door, in the jargon). After a period of standby and observation during which he would collect various information on the infected machine, he connects to Google Drive to retrieve the address of the control servers, allowing him in particular to execute several commands (exe, cmd, remove_reg, exit) or install other malware. In short, no major damage for the moment but the worst is to be feared.
The most worrying thing is that we don’t know anything about the creators of SysJoker, nor their intentions. Is it to prepare a spy campaign, as Intezer experts assume, or to prepare ramsonware attacks by encrypting data to make it unusable unless a ransom is paid? No one knows yet. But cybersecurity specialists are worried about the appearance of this new malware, which is as discreet as it is powerful, and which is likely to endanger all computers, regardless of their operating system. It is just to be hoped that, now that the alert has been issued, antivirus and security solution vendors are quick to find a solution.