SysJoker is a new malware strain to be wary of. It can attack Windows, Mac, and Linux systems, which makes it unusually dangerous. It is designed to cause chain infections, that is, to infect a system and then load additional malicious programs onto it.

Researchers at Intezer, a company that maintains a large genetic malware analysis database, are credited with finding the malware during an investigation into an attack on a Linux server in December 2021. The team was able to obtain SysJoker samples for its analysis.

The strain is written in C++ and evades detection on all three operating systems. It hides so well that, at the time of the analysis, none of the 57 antivirus engines the Intezer researchers tested it against flagged it.

SysJoker looks harmless, and that is by design. Its main purpose is to establish a foothold in a target network.

Once on a machine it sleeps for two minutes, then creates a new directory and copies itself into it, disguised as the Intel Graphics Common User Interface Service.

According to the Intezer report, the next step is this:

"...SysJoker uses Living off the Land to collect information about the computer. SysJoker records the commands' results using temporary text files."

"These text files are immediately deleted, stored in a JSON object and then encoded and written to a file named 'microsoft_Windows.dll'."

When that is done, the malware establishes persistence by adding a new registry key. Each step up to this point can be separated by random sleep intervals, which makes the activity harder to correlate.

Finally, it retrieves the address of its actor-controlled command-and-control server from a link hosted on Google Drive and connects to it. Once that connection is established, the operators can deliver any further payload to the infected system.

At the time of its discovery, SysJoker was not detected by any major antivirus engine, and it can infect Windows, Mac, or Linux systems. This malware is worth monitoring.

If all of this sounds scary to you - it should. Integrated Technology Systems is here to help your company fight the latest malware threat. Call us today to see how we can keep you cyber secure.

Purple Fox Trojan Delivers Malware Disguised as a Popular Messaging App

Minerva Labs' in-house research team, working with the Malware Hunter Team, published a warning after uncovering a new Purple Fox campaign.

The group behind the Trojan now distributes its malicious code disguised as a Telegram installer.

Telegram is just one of many online messaging services, and you may not be familiar with it. Purple Fox has been around since at least 2018, and its operators have tried many ways to get their malicious code onto the computers of unsuspecting users.

Using a Telegram installer as the lure is a novel disguise. The group has also been shrinking the malware's footprint, which makes it harder to spot: alarmingly, only a few AV engines detect the Purple Fox installer.

Purple Fox's operators do not rest on their laurels; the code is continually extended with new functionality. In October 2021 Trend Micro found a new .NET backdoor, called "FoxSocket", in the code, and Guardicore Labs found another version with worm-like capabilities, which is how it spreads so quickly.

The installer comes in both 32-bit and 64-bit versions. Purple Fox is likely to remain a threat to your environment through 2022.

It is still early days, so we do not yet know what other unpleasant surprises the attackers prepared over the holidays. What we do know is that Purple Fox is a problem.

Integrated Technology Systems is here to keep you ahead of the threats. Contact us today to discuss your security needs. We would love to hear from you.