A scary backdoor is out there right now, targeting Windows, Linux, and macOS. SysJoker malware can cause serious damage by hiding from detection.
SysJoker was first discovered by security researchers at Intezer, who then published an extremely detailed breakdown of the malware, how damaging it can be, and what it does. The report is very informative and I recommend it to anyone who is interested in the details.
If you’d like the shorter version, we’ll break down the information and make it easier to understand. Variants are intended to attack Linux, Windows, and macOS. The malware creates a series of files and registry entries that eventually allow it to install other malware, run commands on the infected device, or remove itself on command from the backdoor operator.
The steps the malware takes to get there vary depending on which operating system you are using. For example, on Windows there’s a first-stage dropper in the form of a DLL that doesn’t exist on the other two operating systems. The end result is almost the same regardless of OS.
Because this malware has managed to evade antivirus software (for now), you’ll have to check manually to see if any of the created files are there. The folks at Bleeping Computer have a detailed breakdown of where to find the files and what to do if you’re infected.
Basically, if you find the files outlined in the link above, kill all processes related to the malware and manually delete the files. To fix security holes, run a memory scan to verify that all files have been removed from your computer.
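As an added example (not from this article, Intezer, or Bleeping Computer), here is a small Python sweep that does the manual check described above: it expands per-user drop paths, reports any indicator file or directory that exists, hashes each file so it can be compared against published values, and on Windows lists the Run-key autostart entries so registry persistence can be reviewed. The paths in `INDICATOR_PATHS` and the hash in `KNOWN_SHA256` are placeholders; substitute the real indicators from the linked reports.

```python
"""Manual indicator sweep: check for dropped files and autostart entries."""
import hashlib
import os
import platform
from dataclasses import dataclass

# PLACEHOLDER indicators. The real SysJoker paths, file names and hashes are
# in the Intezer and Bleeping Computer write-ups; substitute them here.
INDICATOR_PATHS = {
    "Windows": [r"%APPDATA%\PLACEHOLDER_DIR"],
    "Linux": ["~/PLACEHOLDER_DIR"],
    "Darwin": ["~/Library/PLACEHOLDER_DIR"],
}
KNOWN_SHA256 = {"PLACEHOLDER_SHA256_FROM_REPORT"}


@dataclass
class Finding:
    path: str          # file that exists on disk
    sha256: str        # its hash, for comparison against published IoCs
    hash_match: bool   # True when the hash is in the known set


def expand(path: str) -> str:
    """Expand ~ and environment variables so per-user drop paths resolve."""
    return os.path.expanduser(os.path.expandvars(path))


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large artifacts do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(paths, known_hashes) -> list:
    """Report every indicator path that exists; directories are walked."""
    findings = []
    for raw in paths:
        full = expand(raw)
        if os.path.isfile(full):
            candidates = [full]
        elif os.path.isdir(full):
            candidates = [os.path.join(d, n)
                          for d, _, names in os.walk(full) for n in names]
        else:
            continue  # indicator absent: nothing to report for this path
        for file in candidates:
            try:
                digest = sha256_file(file)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            findings.append(Finding(file, digest, digest in known_hashes))
    return findings


def list_run_entries() -> dict:
    """On Windows, return Run-key autostart entries (name -> command) so any
    registry persistence can be reviewed by hand. Returns {} elsewhere."""
    if platform.system() != "Windows":
        return {}
    import winreg  # Windows-only standard-library module
    run_key = r"Software\Microsoft\Windows\CurrentVersion\Run"
    entries = {}
    for hive, label in ((winreg.HKEY_CURRENT_USER, "HKCU"),
                        (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        try:
            key = winreg.OpenKey(hive, run_key)
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, i)
                except OSError:
                    break  # no more values under this key
                entries[f"{label}\\{run_key}\\{name}"] = str(data)
                i += 1
    return entries


if __name__ == "__main__":
    system = platform.system()
    for f in sweep(INDICATOR_PATHS.get(system, []), KNOWN_SHA256):
        flag = "HASH MATCH" if f.hash_match else "present, hash differs"
        print(f"[!] {f.path} ({flag}) sha256={f.sha256}")
    for name, cmd in list_run_entries().items():
        print(f"[run] {name} -> {cmd}")
```

A present path whose hash does not match a published value is still worth a closer look, since a later build of the malware would drop the same file names with different contents; the sweep reports both cases separately for that reason.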
Now that the backdoor malware has been fully reported and detailed, you can expect antivirus software to get an update that’ll allow them to start detecting SysJoker as it would any