What you need to know
- Intezer researchers discovered a multi-platform backdoor malware back in December 2021.
- They've now shared their findings via a report that analyzes the malware, dubbed SysJoker, and how it interacts with three different operating systems: Mac, Windows, and Linux.
- They found VirusTotal cannot detect the threat SysJoker poses to Mac and Linux.
Though serious threats to Windows are a dime-a-dozen occurrence, it's not quite as common for a genuinely dangerous piece of malware to snap at Linux, Mac, and Windows simultaneously. And in some ways, the new threat found by Intezer is even sneakier on the two non-Windows operating systems, since VirusTotal can't sniff the threat for the Linux and Mac variants.
Researchers at Intezer first caught wind of the malware back in December 2021. They named the backdoor SysJoker. As backdoors do, it gives attackers an espionage weapon with which to surreptitiously infiltrate systems and manipulate their operations. But what makes this particular backdoor a cut above the rest is its ability to go after all three of the big operating systems out there.
Intezer deduced SysJoker is the product of an "advanced threat actor," and hinted at potential ransomware dangers down the line. "Based on the malware's capabilities we assess that the goal of the attack is espionage together with lateral movement which might also lead to a Ransomware attack as one of the next stages," Intezer's report reads.
SysJoker disguises itself as a system update, one that's capable of fooling VirusTotal if you're dealing with the Mac and Linux variants. In other words, stay frosty when it comes to scanning diligence — no one scanner is perfect, and even the best of them have blindspots in the ever-evolving struggle to combat malware.