
SysJoker: a malware for macOS, Windows and Linux that has been operating discreetly for months


A worrying, very discreet, cross-platform Trojan horse has just been spotted. Called SysJoker and brought to light by the security firm Intezer, it can target Windows, Linux and macOS. Worse still, it had been flying under the antivirus radar for a while: the Linux and macOS versions had so far gone completely undetected on services like VirusTotal, which scan files against a large number of antivirus engines.


Intezer suspects that SysJoker masquerades as a system update, and estimates that it was launched in the second half of 2021. The malware is written in C++, and each version is tailored to the specific OS it targets: the macOS file was notably signed. It was first discovered in an attack on a Linux web server “from a major educational institution”. While researchers have not been able to determine how the malware spreads, it appears to be installed by forcing the user’s hand (for example, through the download of a compromised file).


On Windows, SysJoker hides in the system folders disguised as Intel software (igfxCUIService.exe, for Intel Graphics Common User Interface Service) and can ensure that it runs at every boot. It collects the MAC address, username, serial number and IP address. The attackers can then use it to issue commands remotely.
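A triage check for the masquerade described above, as an added example that is not from Intezer or the original article: it lists every file named igfxCUIService.exe, records its Authenticode state and hash, and looks for autorun entries that reference the name. The search roots and the choice of the standard Run keys are assumptions of this example; the article does not name the install path or the persistence mechanism.

```powershell
# Added example: triage for files masquerading as igfxCUIService.exe.
$name  = 'igfxCUIService.exe'   # file name reported in the article
# Assumption: search scope chosen for this example, not taken from the article.
$roots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:SystemRoot)

# Find every file with that name, including hidden ones.
$hits = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter $name -File -Recurse -Force -ErrorAction SilentlyContinue
}

# Record signature state, signer and hash so an analyst can compare copies.
$files = foreach ($f in $hits) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Path        = $f.FullName
        Status      = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256      = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        CreatedUtc  = $f.CreationTimeUtc
        NeedsReview = ($sig.Status -ne 'Valid')   # unsigned or broken signature
    }
}

# Assumption: the standard per-user and per-machine Run keys are checked here
# because they are a common way to start a program at logon.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$autoruns = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        $item.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like "*$name*" } |
            ForEach-Object { [pscustomobject]@{ Key = $key; ValueName = $_.Name; Command = $_.Value } }
    }
}

$files    | Sort-Object NeedsReview -Descending | Format-List
$autoruns | Format-List
```

A copy that is unsigned, sits in a user-writable folder, or is referenced by an autorun entry is a candidate for further analysis, not proof of infection.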

For the researchers, this finding is important for several reasons: cross-platform malware of this type is rare, and this one was written from scratch. In other words, the people behind SysJoker are professionals with a lot of resources. In addition, Intezer teams have observed that hackers rely on four separate command and control servers. They were able to witness three server changes during their scans, which shows that the criminals are active and monitoring the infected machines.


Now that SysJoker has been detected, it should start appearing in antivirus engines, which should make detecting it at scale much easier. According to Intezer, the malware is aimed at espionage, which “could also lead to a ransomware attack”. However, it appears to be aimed only at specific targets, and the researchers explain that they did not see it move on to the attack during their analyses.
