SysJoker is a new backdoor that affects Windows, Mac and Linux: how to protect yourself

An extremely rare and dangerous new malware has been discovered: it is cross-platform, and it is not detected by antiviruses. There is currently no protection.

Both the modern hardware and software that we use is becoming more and more secure, but cyber criminals they manage to stay one step ahead.

The security firm Intezer has discovered a new malware who has baptized with the name of SysJoker. Is a RAT, that is to say, a Trojan that is controlled remotely, extremely rare and dangerous :fIt runs on Windows, Mac and Linux, and antiviruses do not detect it.

Intezer has located it on a Linux server from a “leading educational institution“, as reported Ars Technica, and together with researcher Patrick Wardle have also found versions for Mac and Windows. It is believed to be active since the middle of last year.

The most worrying thing is that anti-malware software like VirusTotal is not able to detect it. It has also been created from scratch in C++, and makes use of four different command and control servers, which indicates that who is behind, has a powerful infrastructure.

The Trojan SysJoker it is installed as a .ts file, and according to Patrick Wardle on Mac it could be installed hidden in a streaming video.

There is no evidence of how it is installed, but everything indicates that it must be installed on computers, either intentionally or hidden in other software. That is, it does not take advantage of vulnerabilities to enter.

At the moment, little else is known. Everything indicates that it is an espionage Trojan with the ability to copy files and steal data, designed for very specific attacks at a political or industrial level.

There is no protection against it because antiviruses do not detect it. But now that it has been discovered, it is to be expected that it will be included in future updates of major anti-malware tools.