A backdoor called SysJoker targets Windows, Linux and macOS. It is notable for how well it evades detection and for giving its operators control of the infected machine without the user's knowledge.
SysJoker was first discovered by security researchers at Intezer in 2021, who then documented what the malware does once it has infected a device.
As a backdoor, SysJoker gives the attackers a foothold on the victim's device from which they can run commands and watch activity without the user noticing.
"Based on the capabilities of this malware, we judged that the purpose of the attack was espionage," the Intezer report said.
Once on a target, SysJoker masquerades as a system update to avoid suspicion, the researchers said. To find its command-and-control (C2) server it decodes a string fetched from a text file hosted on Google Drive, so the first network request a defender sees goes to a trusted Google domain rather than to attacker-owned infrastructure.
"During our analysis, C2 was transformed three times, indicating active attackers and monitoring infected machines. Based on the victimology and behavior of the malware, we assessed SysJoker as pursuing specific targets," the researchers wrote in the report.
John Hammond, senior security researcher at Huntress, added that Intezer's analysis shows the newly discovered malware using some very clever tricks, for example the way it determines the address of its command-and-control server by decoding a file hosted on Google Drive. The method is effective because most users consider Google a trusted site.
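The dead-drop resolver described above (the malware fetches a file from Google Drive and decodes the real C2 address from it) is hard to spot in a web proxy alone, because the request looks like ordinary Google traffic. What does stand out is the sequence on the endpoint: a non-browser process reaching Google Drive and, moments later, the same process connecting to a destination the host has never talked to. The following hunting script is an added example, not code from the article, from Intezer or from Huntress. It assumes a simplified, constructed telemetry format of (timestamp, host, process, destination host) in the spirit of a process-network-connection event; the process and domain names in the sample data are invented for illustration and are not indicators from the SysJoker report.

```python
"""Hunt for dead-drop C2 resolution via Google Drive in endpoint network telemetry.

Added example (not from the original article, Intezer or Huntress). Telemetry is
assumed to be tuples of (timestamp, host, process, destination) and is constructed
inline; process and domain names are invented, not SysJoker indicators.
"""
from datetime import datetime, timedelta

# Hosts commonly used as dead drops for C2 addresses (assumption: extend as needed).
DEAD_DROP_HOSTS = {"drive.google.com", "docs.google.com", "drive.usercontent.google.com"}
# Processes for which a Google Drive fetch is normal user activity.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "chrome", "firefox", "safari"}

# Constructed sample telemetry: (ISO timestamp, host, process, destination host).
EVENTS = [
    ("2022-01-11T08:00:00", "ws-22", "svchost.exe", "update.microsoft.com"),     # baseline traffic
    ("2022-01-11T09:00:01", "ws-17", "chrome.exe", "drive.google.com"),           # user browsing: ignored
    ("2022-01-11T09:00:05", "ws-17", "chrome.exe", "mail.google.com"),
    ("2022-01-11T09:02:10", "ws-17", "sysupdate.exe", "drive.google.com"),        # non-browser dead-drop fetch
    ("2022-01-11T09:02:14", "ws-17", "sysupdate.exe", "cdn-example-update.test"), # first-seen destination: flagged
    ("2022-01-11T09:30:00", "ws-22", "svchost.exe", "drive.google.com"),
    ("2022-01-11T09:30:30", "ws-22", "svchost.exe", "update.microsoft.com"),      # already in baseline: not flagged
    ("2022-01-11T10:15:00", "ws-22", "svchost.exe", "login.example.test"),        # outside the window: not flagged
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def find_dead_drop_followups(events, window=timedelta(minutes=10)):
    """Return findings where a non-browser process fetched a dead-drop host and,
    within `window`, the same process on the same host connected to a destination
    that host had not been seen talking to before the fetch."""
    events = sorted(events, key=lambda e: e[0])
    seen = {}          # host -> destinations observed so far (per-host baseline)
    findings = []
    for i, (ts, host, proc, dest) in enumerate(events):
        t0 = _parse(ts)
        if dest in DEAD_DROP_HOSTS and proc.lower() not in BROWSERS:
            baseline = set(seen.get(host, set()))
            for ts2, host2, proc2, dest2 in events[i + 1:]:
                if _parse(ts2) - t0 > window:
                    break                      # events are sorted; nothing later can qualify
                if host2 != host or proc2 != proc:
                    continue
                if dest2 in DEAD_DROP_HOSTS or dest2 in baseline:
                    continue
                findings.append({
                    "host": host,
                    "process": proc,
                    "dead_drop": dest,
                    "dead_drop_time": ts,
                    "destination": dest2,
                    "destination_time": ts2,
                    "reason": "non-browser Google Drive fetch followed by first-seen destination",
                })
        seen.setdefault(host, set()).add(dest)
    return findings


if __name__ == "__main__":
    for f in find_dead_drop_followups(EVENTS):
        print(f"{f['host']} {f['process']}: {f['dead_drop']} @ {f['dead_drop_time']} -> "
              f"{f['destination']} @ {f['destination_time']} ({f['reason']})")
```

The per-host baseline is deliberately naive (everything seen earlier in the same data set); in production you would seed it from a longer history and an allowlist. The point of the check is the correlation, which a proxy log without process attribution cannot give you.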
"SysJoker offers the same risks as remote access Trojans on any other endpoint, be it a physical device on premises, or a server hosted in the cloud - this backdoor offers remote access to the target. It can lead to further post-exploits, such as ransomware, defacement, or any damage the threat actor may choose," Hammond said.
Hammond advises always being careful when downloading files, because no anti-virus product, operating system or other software is perfect, and attackers keep getting more sophisticated.