The ongoing espionage campaign has a new cross-platform backdoor “SysJoker”.



Last Updated on 12/01/2022 by Nidhi Khandelwal

As part of an ongoing espionage campaign that began in the second half of 2021, a new cross-platform backdoor known as “SysJoker” has been discovered targeting workstations running Windows, Linux, and macOS operating systems.


Intezer researchers Avigayil Mechtinger, Ryan Robinson, and Nicole Fishbein wrote in a technical write-up describing their findings: “SysJoker poses as a system update and builds its [command-and-control server] by decoding a string received from a text file housed on Google Drive. We believe SysJoker is after certain targets based on victimology and virus behavior.”

The implant was initially identified in December 2021 during an active attack against a Linux-based web server belonging to an unnamed educational institution, according to the Israeli cybersecurity firm, which attributed the activity to an advanced threat actor.

SysJoker is a C++-based malware that is distributed by a dropper file from a remote server and is designed to collect information about the compromised host, such as the MAC address, user name, physical media serial number, and IP address, which is then encoded and sent back to the server.


Furthermore, the malware establishes its connection to the attacker-controlled server by extracting the C2 domain from a text file (“domain.txt”) hosted at a hard-coded Google Drive link. Once connected, the server can relay instructions to the machine, allowing the malware to run arbitrary commands and executables and send the results back.

“The fact that the code was created from scratch and hasn’t been seen previously in other attacks [and] we haven’t seen a second stage or instruction delivered from the attacker […] shows that the attack is specific,” the researchers wrote.
