Called SysJoker, the cross-platform malware is currently not detected by any of VirusTotal’s security engines. SysJoker was discovered by Intezer researchers during an active attack on a Linux-based web server belonging to a leading educational institution.

SysJoker masquerades as a system update and builds its command and control (C2) address by decoding a string from a text file hosted on Google Drive, Intezer reports. The C2 was found not to be constant, which means the attacker periodically monitors the infected machines and changes it. The security company concluded that the malware was aimed at specific targets.

Essentially, SysJoker creates a series of registry and command files that allow it to run commands on the compromised device, drop additional malware, or even instruct the backdoor to remove itself. Judging by the malware’s capabilities, the attack was reportedly carried out by an “advanced threat actor”. Intezer adds that the purpose of the attack is espionage combined with lateral movement, which could likely lead to a ransomware attack as one of the next steps.

An older example of cross-platform malware targeting Windows, macOS, and Linux was detected by the same researchers in January of last year. Called ElectroRAT, the malicious operation was quite elaborate in its mechanics, consisting of a marketing campaign, custom cryptocurrency-related apps, and a remote access tool (RAT).

Remember that it is always better to take certain precautions to protect yourself from malicious software. Do not download pirated software or electronic media from unreliable sources. Avoid clicking on suspicious links or attachments in suspicious emails, and always check the web address first.
