Backdoor for Windows, macOS, and Linux went undetected until now
Researchers have uncovered a never-before-seen backdoor written from scratch for systems running Windows, macOS, or Linux that remained undetected by virtually all malware scanning engines.

Researchers from security firm Intezer said they discovered SysJoker — the name they gave the backdoor — on the Linux-based web server of a “leading educational institution.” As the researchers dug in, they found SysJoker versions for both Windows and macOS as well. They suspect the cross-platform malware was unleashed in the second half of last year.

The discovery is significant for several reasons. First, fully cross-platform malware is something of a rarity, with most malicious software being written for a specific operating system. The backdoor was also written from scratch and made use of four separate command-and-control servers, an indication that the people who developed and used it were part of an advanced threat actor that invested significant resources. It is also unusual for previously unseen Linux malware to be found in a real-world attack.

Analyses of the Windows version (by Intezer) and the version for Macs (by researcher Patrick Wardle) found that SysJoker provides advanced backdoor capabilities. Executable files for both the Windows and macOS versions had the suffix .ts. Intezer said that may be an indication the file masqueraded as a TypeScript app spread after being sneaked into the npm JavaScript repository. Intezer went on to say that SysJoker masquerades as a system update.

Wardle, meanwhile, said the .ts extension may indicate the file masqueraded as video transport stream content. He also found that the macOS file was digitally signed, though with an ad-hoc signature.
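Whichever of the two explanations for the .ts suffix is right, the defender-side observation is the same: a file named as TypeScript source or a video transport stream should not begin with a native executable header. The following is an added example, not code from the article, Intezer or Wardle; it classifies files by their leading bytes and flags .ts-named files that are really PE, ELF or Mach-O images. File names and contents are constructed stand-ins, not real SysJoker artifacts.

```python
"""
Added example (not from the article or from Intezer/Wardle): flag files whose
extension says ".ts" (TypeScript source or MPEG transport stream) but whose
leading bytes are those of a native executable. All sample files below are
constructed in-memory stand-ins, not real SysJoker artifacts.
"""

# Magic numbers for the native executable formats of the three platforms.
PE_MAGIC = b"MZ"                 # Windows PE/COFF (DOS stub header)
ELF_MAGIC = b"\x7fELF"           # Linux ELF
MACHO_MAGICS = {                 # macOS Mach-O 32/64-bit (both byte orders) and fat binaries
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",   # 0xcafebabe is also Java class magic
}
TS_PACKET = 188                  # MPEG-TS packets are 188 bytes, each starting with sync byte 0x47


def classify(data: bytes) -> str:
    """Return a coarse content type derived from the leading bytes only."""
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(ELF_MAGIC):
        return "elf"
    if data[:4] in MACHO_MAGICS:
        return "mach-o"
    # A genuine transport stream keeps 0x47 at every 188-byte boundary.
    if len(data) >= 2 * TS_PACKET and all(
        data[i] == 0x47 for i in range(0, len(data) - TS_PACKET + 1, TS_PACKET)
    ):
        return "mpeg-ts"
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "unknown"


def is_masquerading_ts(name: str, data: bytes) -> bool:
    """True when a .ts-named file actually carries native executable code."""
    return name.lower().endswith(".ts") and classify(data) in {"pe", "elf", "mach-o"}


def scan(files: dict) -> list:
    """Return, sorted, the names of files that deserve a closer look."""
    return sorted(name for name, data in files.items() if is_masquerading_ts(name, data))


# Constructed samples (hypothetical names; contents are synthetic headers).
SAMPLES = {
    "update.ts": b"MZ" + b"\x00" * 62,                       # PE header under a .ts name
    "types.ts": b"export interface Foo { id: number }\n",    # real TypeScript source
    "clip.ts": (b"\x47" + b"\x00" * 187) * 3,                # well-formed MPEG-TS packets
    "helper.ts": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,         # 64-bit little-endian Mach-O
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name in scan(SAMPLES):
        print(f"suspicious: {name} ({classify(SAMPLES[name])})")
```

Run against a directory listing, the same logic is a cheap triage filter: a mismatch between a declared extension and a native executable header is not proof of malice, but it is exactly the signal that neither the TypeScript nor the video-stream explanation for a .ts file would produce.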

SysJoker is written in C++, and as of Tuesday, the Linux and macOS versions were fully undetected on the VirusTotal malware search engine. The backdoor generates its control-server domain by decoding a string retrieved from a text file hosted on Google Drive. During the time the researchers were analyzing it, the server changed three times, indicating the attacker was active and monitoring for infected machines.

Based on targeted organizations and the malware’s behavior, Intezer’s assessment is that SysJoker is after specific targets, most likely with the goal of “espionage together with lateral movement which might also lead to a ransomware attack as one of the next stages.”


Original article reposted from Source link