A scary backdoor is out there right now, targeting Windows, Linux, and macOS. This SysJoker malware is so frightening because it is very good at evading detection, which lets it do damage without the user noticing.
SysJoker was first discovered by security researchers at Intezer, who then published an extremely detailed breakdown of the malware, how damaging it can be, and what it does. If you’re curious about all of the gritty details, I highly suggest reading the report, as it’s quite enlightening.
If you want the short version, we’ll break it down and make it a little easier to digest. Basically, the variants are designed to target either Linux, Windows, or macOS. Each creates a series of files and registry commands that eventually allow it to install other malware, run commands on the infected device, or instruct the backdoor to remove itself.
The steps it takes to get there differ a little depending on the operating system. For example, on Windows there’s a first-stage dropper in the form of a DLL that doesn’t exist on the other two operating systems. Regardless of the OS, however, the end result is more or less the same.
Because this malware has managed to evade antivirus software (for now), you’ll have to check manually to see if any of the created files are there. The folks at Bleeping Computer have a detailed breakdown of where to find the files and what to do if you’re infected.
Basically, if you find the files outlined in the link above, kill all processes related to the malware and manually delete the files. Next, run a memory scanner to confirm that everything has been uprooted from your computer, and look into how SysJoker could have infected your system so you can fix the security hole it came through.
Now that the backdoor malware has been fully reported and detailed, you can expect antivirus software to get an update that lets it detect SysJoker as it would any other malware. In the meantime, be careful about what you download to your computer, regardless of which operating system you’re running.