Researchers recently found a notable backdoor malware variant written for Windows, macOS, and Linux that has gone unnoticed until now.
The discovery was made by researchers at the security company Intezer. They discovered the malware, which they named SysJoker, on the Linux servers of an educational institution. Not long after, versions for Windows and macOS also came to light. The researchers expect it to be a cross-platform remote access trojan (rat). The trojan is said to have been released at the end of last year.
Unique form of malware
The malware is unique for several reasons. First, malware is often written specifically for one operating system and not for three at the same time. In addition, the malware is built from scratch and uses four separate command-and-control servers.
The way the malware was installed is probably pretty sneaky. The current theory is that this was done via a rogue npm package or by using a rogue extension, which allowed the installation file to get onto a computer undetected. The malware’s creators probably weren’t aiming to exploit a flaw in the software, but wanted to get users to install the software themselves.
SysJoker is written in C++. The Linux and macOS versions, to date, have not been picked up by the VirusTotal malware search engine.
