Researchers have uncovered a never-before-seen backdoor written from scratch for systems running Windows, macOS, or Linux that remained undetected by virtually all malware scanning engines.
Researchers from security firm Intezer said they discovered SysJoker — the name they gave the backdoor — on the Linux-based Webserver of a “leading educational institution.” As the researchers dug in, they found SysJoker versions for both Windows and macOS as well. They suspect the cross-platform malware was unleashed in the second half of last year.
The discovery is significant for several reasons. First, fully cross-platform malware is something of a rarity, with most malicious software being written for a specific operating system. The backdoor was also written from scratch and made use of four separate command-and-control servers, an indication that the people who developed and used it were part of an advanced threat actor that invested significant resources. It is also unusual for previously unseen Linux malware to be found in a real-world attack.
SysJoker is written in C ++, and as of Tuesday, the Linux and macOS versions were fully undetected on the VirusTotal malware search engine. The backdoor generates its control-server domain by decoding a string retrieved from a text file hosted on Google Drive. During the time the researchers were analyzing it, the server changed three times, indicating the attacker was active and monitoring for infected machines.
Based on targeted organizations and the malware’s behavior, Intezer’s assessment is that SysJoker is after specific targets, most likely with the goal of “espionage together with lateral movement which might also lead to a ransomware attack as one of the next stages.”
Original Article reposted fromSource link
Disclaimer: The website autopost contents from credible news sources and we are not the original creators. If we Have added some content that belongs to you or your organization by mistake, We are sorry for that. We apologize for that and assure you that this won’t be repeated in future. If you are the rightful owner of the content used in our Website, please mail us with your Name, Organization Name, Contact Details, Copyright infringing URL and Copyright Proof (URL or Legal Document) aT spacksdigital @ gmail.com
I assure you that, I will remove the infringing content Within 48 Hours.