"Fully Undetected SysJoker Backdoor Malware Targets Windows, Linux & macOS"

Security researchers at Intezer have discovered a new malware dubbed SysJoker. The brand-new multiplatform malware, likely distributed via malicious npm packages, is spreading under the radar, with Linux and Mac versions going fully undetected in VirusTotal. The Windows version, according to the researchers, has only six detections. These were uploaded to VirusTotal with the suffix ".ts," which is used for TypeScript files. SysJoker is used to establish initial access on a target machine. Once installed, it can execute follow-on code as well as additional commands, through which malicious actors can carry out follow-on attacks or pivot to move further into a corporate network. This kind of initial access is also a hot commodity on underground cyberforums, where ransomware groups and others can purchase it. The researchers stated that SysJoker was first seen in December during a cyberattack on a Linux-based web server of a "leading educational institution." Its command-and-control (C2) domain registration and other sample data show that this malware appears to have been created in the second half of 2021.

Threatpost reports: "Fully Undetected SysJoker Backdoor Malware Targets Windows, Linux & macOS"