SysJoker: Windows, Linux and macOS at Risk…


January 12, 2022

A newly discovered form of malware, called SysJoker, poses a threat to the top three operating systems: Windows, Linux, and macOS. If deployed successfully, SysJoker provides attackers with full access to compromised systems.

The malware was discovered by Intezer, a New York-based cybersecurity company. They found the malware while triaging an active attack last December.

According to research done by Intezer, the malware pretends to be a system update and generates its Command and Control (C2) by decoding a string retrieved from a text file hosted on Google Drive. Intezer saw the C2 change three times while investigating it, leading them to believe the attacker behind SysJoker is actively monitoring for infected devices.
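Because the C2 address is derived from a text file fetched from Google Drive, one place a defender can look is outbound traffic to Drive download endpoints from processes that are neither a browser nor the Drive sync client. The Python hunt below is an added example, not code from this post or from Intezer; the event format, the process names and the allowlist are assumptions.

```python
"""Hunt: non-browser processes fetching files from Google Drive.

Constructed example (not from the original post or Intezer's research).
The 'key=value' event format, process names and allowlist are assumptions.
"""
import re
from dataclasses import dataclass

# Assumed set of processes expected to talk to Google Drive (browsers, sync client).
ALLOWLIST = {"chrome.exe", "firefox.exe", "msedge.exe", "safari",
             "googledrivefs.exe", "google-drive"}

# Well-known hosts that serve Google Drive file contents.
DRIVE_HOST_RE = re.compile(
    r"^(drive\.google\.com|docs\.google\.com|"
    r"drive\.usercontent\.google\.com|[a-z0-9.-]+\.googleusercontent\.com)$"
)

@dataclass
class Finding:
    host: str
    process: str
    url: str

def parse_event(line: str) -> dict:
    """Parse one constructed 'key=value' network event line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())

def find_suspicious_drive_fetches(lines):
    """Return a Finding for each non-allowlisted process hitting a Drive host."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        host = ev.get("host", "").lower()
        # Reduce a Windows or POSIX path to its basename before checking the allowlist.
        proc = re.split(r"[\\/]", ev.get("process", "").lower())[-1]
        if DRIVE_HOST_RE.match(host) and proc not in ALLOWLIST:
            findings.append(Finding(host, proc, ev.get("url", "")))
    return findings

# Constructed sample events: a browser download (benign), the Drive sync client
# (benign), an unknown binary pulling a file (suspicious) and unrelated traffic.
SAMPLE_EVENTS = [
    "host=drive.google.com process=C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\Application\\chrome.exe url=/uc?export=download&id=FILEID",
    "host=drive.google.com process=googledrivefs.exe url=/drive/v3/files",
    "host=drive.google.com process=C:\\Windows\\Temp\\updater.exe url=/uc?export=download&id=FILEID",
    "host=example.com process=C:\\Windows\\Temp\\updater.exe url=/index.html",
]

if __name__ == "__main__":
    for f in find_suspicious_drive_fetches(SAMPLE_EVENTS):
        print(f"suspicious: {f.process} -> {f.host}{f.url}")
```

Feeding real EDR or proxy events through the same check requires only adapting parse_event to the actual log format.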

You can read more about SysJoker at the link posted above or by clicking here:

How do you beat SysJoker?

So far, outside of using Intezer’s detection product, “Intezer Protect,” we’re unsure. For Linux machines, there’s a free community edition that’ll do the job.

For Windows machines, they recommend their own Endpoint Scanning tool, which, of course, is hidden behind a paywall. To use it you’ll have to sign up for a free trial. Security7 doesn’t know much about Intezer in general, so, as of right now, we don’t recommend you do it.

Otherwise, you can follow these key steps, using memory scanners, endpoint detection and response (EDR) platforms, and security information and event management (SIEM) platforms:

  1. Kill the processes related to SysJoker, then delete the relevant persistence mechanism and all files related to SysJoker.
  2. Make sure that the infected machine is clean by running a memory scanner.
  3. Investigate the initial entry point of the malware. If a server was infected with SysJoker during the course of this investigation, check:
     - configuration status and password complexity for publicly facing services, and
     - used software versions and possible known exploits.

Other than that, it’s all we know. There’s plenty of information in the linked blog post that can help you along the path. Beyond that, we’ll keep you informed here on the blog as new information becomes available.


Carl Keyser is the Content Manager at Integris.
