Mysterious Malware for Windows, Mac and Linux

SysJoker. Security experts have identified a new malware called SysJoker that installs a backdoor on computers running Windows, macOS and Linux, and which no antivirus has detected yet…

The news is cause for concern. Security experts at Intezer, a New York-based company specializing in computer security, recently discovered malware with troubling properties. This malicious software, which they named SysJoker, is the first to have the distinction of being multi-platform: it attacks Windows computers, most commonly, as well as both macOS and Linux. Simply put, it works on all major operating systems. Above all, it is practically undetectable with conventional tools. As the researchers at Intezer explain in their post, SysJoker was flagged by only 6 out of about 70 engines on VirusTotal, a website that uses powerful antivirus engines to scan suspicious files for free.

To put it another way, SysJoker slips through the cracks of practically all existing security solutions… It was discovered quite late, and almost by chance, during the analysis of a single Linux web server belonging to a “leading educational institution”. According to the experts, it enters the computer disguised as a system update, via the cross-platform package manager (npm) or, on Windows, via a shared library (DLL) that allows it to launch PowerShell commands. These are sophisticated and daring techniques, which show that its creators are not novices.

SysJoker: an undetectable malware with an as yet unknown purpose

SysJoker is not only very intelligent: it is also very mysterious, because it appears to be only at the beginning of its misdeeds. For the time being, it is content to install a backdoor. After a period of standby and observation, during which it collects various information on the infected machine, it connects to Google Drive to retrieve the address of the control server, which allows it to execute a number of commands (notably exe, cmd, remove_reg, exit) or other malware. In short, there is no major damage at the moment, but the worst is to be feared.
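
A defender-side heuristic for the behaviour described above, as an added example that is not from the article or the researchers' report: it scans connection logs for a process outside an expected allowlist that fetches from Google Drive and then contacts another host shortly afterwards. The log format, host list, process names and time window are assumptions, and the sample log lines are constructed.

```python
from datetime import datetime, timedelta

# Assumed for this example: hostnames treated as Google Drive, and the
# processes expected to contact them. Tune both lists for your environment.
DRIVE_HOSTS = {"drive.google.com", "docs.google.com"}
EXPECTED_PROCS = {"chrome.exe", "firefox.exe", "msedge.exe", "googledrivefs.exe"}
WINDOW = timedelta(minutes=10)  # assumed gap between lookup and follow-up

# Constructed sample log: timestamp, machine, process, destination host.
SAMPLE_LOG = """\
2024-01-01T09:00:01 ws-014 chrome.exe drive.google.com
2024-01-01T09:00:05 ws-014 chrome.exe news.example.org
2024-01-01T09:14:30 ws-022 updater.exe drive.google.com
2024-01-01T09:14:41 ws-022 updater.exe c2.example.net
2024-01-01T09:40:00 ws-022 updater.exe late.example.net
2024-01-01T10:02:10 srv-web1 helperd drive.google.com
"""

def parse(log):
    """Yield (timestamp, machine, process, destination) per non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, machine, proc, dest = line.split()
            yield datetime.fromisoformat(ts), machine, proc.lower(), dest.lower()

def find_dead_drop_lookups(log):
    """Map (machine, process) -> details for each unexpected process that
    fetched from Google Drive, with hosts it contacted within WINDOW after."""
    findings = {}
    for ts, machine, proc, dest in sorted(parse(log)):
        key = (machine, proc)
        if dest in DRIVE_HOSTS:
            if proc not in EXPECTED_PROCS:
                entry = findings.setdefault(key, {"followups": []})
                entry["drive_at"] = ts  # restart the window on each lookup
        elif key in findings and ts - findings[key]["drive_at"] <= WINDOW:
            if dest not in findings[key]["followups"]:
                findings[key]["followups"].append(dest)
    return findings

if __name__ == "__main__":
    for (machine, proc), hit in find_dead_drop_lookups(SAMPLE_LOG).items():
        print(machine, proc, hit["drive_at"].isoformat(), hit["followups"] or "-")
```

A hit with an empty follow-up list still merits a look, since a server process has little reason to read from a file-sharing service.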

Most worryingly, we know nothing about the creators of SysJoker, nor about their intentions. Is the goal to run an espionage operation, as Intezer's experts believe, or to prepare ransomware attacks, which encrypt data to make it unusable until a ransom is paid? Nobody knows yet. But cybersecurity experts are concerned about the presence of this new malware, which is as intelligent as it is powerful, and which could put all computers at risk, regardless of their operating system. It is to be expected that, now that the alert has been issued, antivirus and security solution vendors will be quick to find solutions.

