Researchers have discovered a new type of computer malware that attacks all three major operating systems. By pretending to be a system update, it manages to avoid detection.
New malware has been discovered that attacks Windows, macOS, and Linux alike. The intruder was spotted in December on a web server of an educational institution by cybersecurity researchers. They named it SysJoker for its ability to masquerade as a system update in order to avoid detection.
Researchers submitted a sample of the malware to the VirusTotal site, which scans files with more than 70 antivirus engines. None of them detected the Linux and macOS versions. For the Windows version, only six antivirus engines reported a problem.
Towards a ransom demand?
On Windows, SysJoker uses an "injector" (or dropper) in the form of a DLL library in order to enter the system. It is this component that then installs the malware proper. Once in place, it launches commands in Windows PowerShell to download the compressed (ZIP) folder containing the program, unzip it, and run it. Once started, SysJoker pauses for a random duration of 90 to 120 seconds. Then it creates the folder C:\ProgramData\SystemData and saves itself there under the name igfxCUIService.exe in order to impersonate the Intel graphics driver.
The program then connects to a Google Drive link to download a text file containing the address of the Command and Control (C&C) server, which will send it instructions to install other malware or execute commands. According to the researchers, this file has been updated several times while they have been monitoring it, showing that its author is still active. From its behavior, it appears that the malware is aimed at specific targets. The researchers believe that its purpose is first to spy on its victims, and that the next step could be an attack aimed at a ransom demand.
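The Windows behaviour described above gives a defender a handful of concrete artefacts to hunt for: the persistence folder, the impersonated Intel driver name, the PowerShell ZIP stage, and the Google Drive fetch. The helper below is an added example (not code from the researchers or from this article) that checks constructed Sysmon-like events for those artefacts; the assumed location of the genuine Intel binary and the event field names are assumptions, not details from the article.

```python
import ntpath

# Windows artefacts quoted in the article: the persistence folder SysJoker creates
# and the file name it uses to pose as the Intel graphics driver service.
SYSJOKER_DIR = r"c:\programdata\systemdata"
MASQUERADE_NAME = "igfxcuiservice.exe"
# Assumption (not from the article): the genuine Intel service binary lives under
# the Windows system directory, so that name anywhere else is a masquerade.
LEGIT_PREFIXES = (r"c:\windows\system32", r"c:\windows\syswow64")
C2_DROP_HOST = "drive.google.com"  # article: the C&C address is fetched from a Google Drive link


def classify_event(ev):
    """Return the reasons a single telemetry event matches the SysJoker pattern."""
    reasons = []
    path = ev.get("image", "").lower()
    folder, name = ntpath.split(path)
    if folder == SYSJOKER_DIR:
        reasons.append("file under SysJoker persistence folder")
    if name == MASQUERADE_NAME and not path.startswith(LEGIT_PREFIXES):
        reasons.append("igfxCUIService.exe outside the expected driver location")
    cmd = ev.get("command_line", "").lower()
    if ev.get("type") == "process" and name == "powershell.exe" and ".zip" in cmd:
        # Dropper stage: PowerShell downloading/unpacking the ZIP. Generic heuristic,
        # expect benign hits from admin scripts and review them by hand.
        reasons.append("PowerShell handling a ZIP archive")
    if ev.get("type") == "network" and C2_DROP_HOST in ev.get("dest_host", "").lower() and reasons:
        reasons.append("suspicious binary contacting Google Drive (C&C address retrieval)")
    return reasons


def hunt(events):
    """Flatten hits over a batch of events as (event id, reason) pairs."""
    return [(ev["id"], why) for ev in events for why in classify_event(ev)]


# Constructed sample telemetry (Sysmon-like), not real captured data.
SAMPLE_EVENTS = [
    {"id": 1, "type": "file", "image": r"C:\ProgramData\SystemData\igfxCUIService.exe"},
    {"id": 2, "type": "process",
     "image": r"C:\Windows\System32\DriverStore\FileRepository\igfx\igfxCUIService.exe"},
    {"id": 3, "type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell -c Expand-Archive C:\Users\bob\AppData\Local\Temp\update.zip"},
    {"id": 4, "type": "process", "image": r"C:\Windows\explorer.exe"},
    {"id": 5, "type": "network", "image": r"C:\ProgramData\SystemData\igfxCUIService.exe",
     "dest_host": "drive.google.com"},
]

if __name__ == "__main__":
    for event_id, why in hunt(SAMPLE_EVENTS):
        print(event_id, why)
```

Event 2 is the legitimate Intel binary under the system directory and produces no hit, while events 1, 3 and 5 match the stages the article describes.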