SysJoker: Windows, Linux and macOS at Risk…

January 12, 2022

A newly discovered piece of malware called SysJoker threatens all three major desktop operating systems: Windows, Linux, and macOS. Once it is running on a machine, SysJoker gives the attacker full access to the compromised system.

The malware was discovered by Intezer, a New York-based cybersecurity company, which found it while triaging an active attack in December 2021.

According to Intezer's research, the malware masquerades as a system update and obtains its Command and Control (C2) address by decoding a string retrieved from a text file hosted on Google Drive. Intezer saw the C2 change three times during its investigation, which leads them to believe the attacker behind SysJoker is actively monitoring for infected devices.
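The C2-resolution pattern described above, in which a host fetches a text file from a legitimate web service and then starts talking to a freshly decoded address, is something a SOC can look for in proxy logs. The following detector is an added example written for this page; it is not code from the original post or from Intezer. The log format, the host names, the allowlist of known-good domains and the sample lines are all constructed for the illustration, so adapt `parse_line` and `ALLOWED_SUFFIXES` to your own proxy or firewall logs.

```python
"""Flag hosts that fetch a file from a dead-drop service (here Google Drive)
and, shortly afterwards, make a first-ever connection to a destination that
is not on the allowlist. Added example with a constructed log format."""

from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines: "<ISO timestamp> <source host> <method> <url>".
SAMPLE_LOG = """\
2022-01-10T09:00:01 ws-17 GET https://www.google.com/search?q=weather
2022-01-10T09:02:10 ws-17 GET https://drive.google.com/uc?export=download&id=ABC123
2022-01-10T09:02:14 ws-17 POST http://203.0.113.45/api/attach
2022-01-10T09:02:30 ws-17 POST http://203.0.113.45/api/req/res
2022-01-10T09:05:00 ws-03 GET https://drive.google.com/uc?export=download&id=XYZ789
2022-01-10T09:30:00 ws-03 GET https://intranet.example.com/portal
2022-01-10T10:00:00 ws-42 GET http://203.0.113.45/
"""

DEAD_DROP_HOSTS = {"drive.google.com"}              # services abused as dead-drop resolvers
ALLOWED_SUFFIXES = (".google.com", ".example.com")  # constructed allowlist for the demo


def parse_line(line):
    """'<ISO timestamp> <src> <method> <url>' -> (timestamp, src, destination host)."""
    ts, src, _method, url = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), src, urlsplit(url).hostname


def is_allowed(host):
    """True for destinations the organisation already trusts."""
    return any(host == s.lstrip(".") or host.endswith(s) for s in ALLOWED_SUFFIXES)


def find_dead_drop_followups(log_text, window_seconds=600):
    """Return one alert per (source, destination) pair where the source's first
    contact with a non-allowlisted destination happens within `window_seconds`
    of that source fetching something from a dead-drop host."""
    window = timedelta(seconds=window_seconds)
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    last_fetch = {}          # src -> time of its most recent dead-drop fetch
    seen = defaultdict(set)  # src -> destinations it has already contacted
    alerts = []
    for ts, src, dst in events:
        if dst in DEAD_DROP_HOSTS:
            last_fetch[src] = ts
            continue
        first_contact = dst not in seen[src]
        seen[src].add(dst)
        fetched_at = last_fetch.get(src)
        if (first_contact and not is_allowed(dst)
                and fetched_at is not None and ts - fetched_at <= window):
            alerts.append({"src": src, "dst": dst,
                           "fetched_at": fetched_at.isoformat(),
                           "first_contact": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for a in find_dead_drop_followups(SAMPLE_LOG):
        print(f"{a['src']} fetched a dead drop at {a['fetched_at']} "
              f"and first contacted {a['dst']} at {a['first_contact']}")
```

On the sample data only ws-17 is flagged: it pulls a file from Google Drive and four seconds later opens its first connection to 203.0.113.45. ws-03 also fetches from Drive but only goes on to an allowlisted internal host, and ws-42 talks to the same external address without any preceding fetch, so neither produces an alert. The window and the allowlist are the two knobs that control false positives; Google Drive is popular enough that the fetch alone is never sufficient evidence.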

You can read Intezer's full analysis here: https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/

How do you beat SysJoker?

So far, outside of Intezer's own detection product, Intezer Protect, we don't have a specific recommendation. For Linux machines, there is a free community edition that will do the job.

For Windows machines, Intezer recommends its own Endpoint Scanning tool, which sits behind a paywall: to use it you'll have to sign up for a free trial. Security7 doesn't know much about Intezer in general, so as of right now we don't recommend doing that.

Otherwise, follow these key steps, using memory scanners, endpoint detection and response (EDR) platforms, and security information and event management (SIEM) platforms as needed:

  1. Kill the processes related to SysJoker, delete the relevant persistence mechanism, and remove all files related to SysJoker.
  2. Make sure that the infected machine is clean by running a memory scanner.
  3. Investigate the initial entry point of the malware. If a server was infected with SysJoker, check during the course of the investigation:
     - the configuration status and password complexity of publicly facing services, and
     - the software versions in use and possible known exploits.
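Step 1 assumes you can find the persistence mechanism before deleting it. The following first-pass audit is an added example written for this page, not code from the original post or from Intezer, and it does not use any SysJoker-specific indicator: it simply flags cron entries that run at boot (`@reboot`) or that execute something from a hidden directory, `/tmp` or `/dev/shm`, which are the entries worth examining first on a Linux host during triage. The sample crontab text is constructed for the illustration.

```python
"""First-pass cron persistence audit for Linux triage. Added example; the
sample crontab is constructed and the heuristics are generic, not SysJoker
indicators."""

import re
import subprocess
from pathlib import Path

# Constructed sample: two ordinary system entries and two that deserve a look.
SAMPLE_CRONTAB = """\
# constructed crontab for the example
0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf
@reboot (/.cache/svc/update)
*/5 * * * * /tmp/.x/run.sh
17 * * * * root cd / && run-parts --report /etc/cron.hourly
"""

HIDDEN_DIR = re.compile(r"(?:^|/)\.[^/\s]+/")            # a dot-prefixed path component
SCRATCH_DIR = re.compile(r"(?:^|\s|\()/(?:tmp|dev/shm)/")  # world-writable scratch space
AT_REBOOT = re.compile(r"^\s*@reboot\b")


def flag_cron_entries(text):
    """Return (reason, line) pairs for cron lines that merit a closer look.
    Comments and blank lines are skipped; a line can carry several reasons."""
    flagged = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        reasons = []
        if AT_REBOOT.match(stripped):
            reasons.append("runs at boot")
        if HIDDEN_DIR.search(stripped):
            reasons.append("hidden directory")
        if SCRATCH_DIR.search(stripped):
            reasons.append("scratch directory")
        if reasons:
            flagged.append((", ".join(reasons), stripped))
    return flagged


def collect_live_crontabs():
    """Gather the real cron sources on this host (root is needed to read other
    users' crontabs); feed the result to flag_cron_entries()."""
    chunks = []
    for p in [Path("/etc/crontab"), *Path("/etc/cron.d").glob("*")]:
        if p.is_file():
            chunks.append(p.read_text(errors="replace"))
    try:
        users = [l.split(":")[0] for l in Path("/etc/passwd").read_text().splitlines() if l]
    except OSError:
        users = []
    for user in users:
        try:
            res = subprocess.run(["crontab", "-l", "-u", user],
                                 capture_output=True, text=True)
        except OSError:  # crontab binary not present
            break
        if res.returncode == 0:
            chunks.append(f"# user={user}\n{res.stdout}")
    return "\n".join(chunks)


if __name__ == "__main__":
    for reason, entry in flag_cron_entries(SAMPLE_CRONTAB):
        print(f"[{reason}] {entry}")
```

On the sample, the logrotate and run-parts entries pass, while the `@reboot` entry launching from a hidden directory and the five-minute job under `/tmp` are both reported. A hit is a starting point, not a verdict: confirm what the referenced file is (hash it, check its timestamps and owner) before removing the entry and the file together, then run the memory scan from step 2 to make sure nothing is still resident.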

That is all we know for now. There's plenty of information in the linked blog post that can help you along the way, and we'll keep you informed here on the blog as new information becomes available.

Carl Keyser is the Content Manager at Integris.
