Beware of this malware that traps antivirus!

Researchers have discovered a new type of computer malware that attacks all three major operating systems. By pretending to be a system update, it manages to avoid detection.

You will also be interested

<path d="m58.606949,115.914l90.889514,-109.634c3.410272,-4.184 8.054131,-6.28 13.91367,-6.28c5.868493,0 10.509367,2.093 13.91765,6.28l90.890509,109.634c4.921416,5.905 5.771994,12.371 2.554719,19.414c-3.409277,7.044 -8.904709,10.566 -16.476348,10.566l-54.537489,0l0,182.723l90.890509,0c3.030247,0 5.397939,1.048 7.10208,3.142l45.446747,54.816c2.272188,2.854 2.649228,6.19 1.137089,9.996c-1.517113,3.433 -4.26085,5.14 -8.239169,5.14l-199.955538,0c-2.656192,0 -4.827902,-0.852 -6.533038,-2.562c-1.702151,-1.715 -2.55273,-3.901 -2.55273,-6.571l0,-246.681l-54.535499,0c-7.575618,0 -13.063092,-3.521 -16.477343,-10.566c-3.406292,-6.85 -2.551735,-13.322 2.564668,-19.417z"/> [EN VIDÉO] Ransomware: how does it work and how to prevent it? Ransomware or ransomware is malicious program that prevents the victim from accessing the contents of their files in order to extort money from them.

New malware has been discovered that attacks Windows, macOS, and Linux as well. The intruder was spotted in December on a web server Linux of an educational institution by cybersecurity researchers to enter . They named it SysJoker for its ability to masquerade as a system update in order to avoid detection.

Researchers submitted a sample of the malware to the VirusTotal site, which allows files to be scanned by more than 70 antivirus software. None succeeded in detecting the Linux and macOS versions. For the Windows version, only six antiviruses reported a problem.

Towards a ransom demand? On Windows, SysJoker uses an "injector" (or dropper) in the form of a DLL library in order to enter the system. It is this one which will then install the malware strictly speaking. Once in place, it launches commands in Windows PowerShell to download the compressed (ZIP) folder containing the program, unzip it, and run it. Once started, SysJoker pauses for a random duration of 90 to 120 seconds. Then it creates the folder C:ProgramDataSystemData and registers there under the name igfxCUIService.exe in order to impersonate the Intel graphics driver.

The program then connects to a Google Drive link to download a text file containing the address of the order servers and Control (C&C), which will send it instructions to install other malware or execute commands. According to the researchers, this file has been updated several times since they monitored it, showing that its author is still active. From his behavior, it appears that the malware targets specific targets. The researchers believe that its purpose is first to spy on its victims, and that the next step could be an attack of the type ransomware .