Joker download the new version for mac1/19/2024 ![]() ![]() “Based on victimology and malware’s behavior, we assess that SysJoker is after specific targets.” “During our analysis the C2 has changed three times, indicating the attacker is active and monitoring infected machines,” researchers noted in the report. Meanwhile, it generates its C2 by decoding a string retrieved from a text file hosted on Google Drive. Once it finds a target, SysJoker masquerades as a system update, researchers said, to avoid suspicion. If one of these building blocks is malicious, it can be pulled into any number of apps, ready to strike any users of those infected projects. Npm and other public code repositories are centralized developer communities where coders can upload and download building blocks for building applications. Looking at its command-and-control (C2) domain registration and other sample data, this trickster appears to have been cooked up in the second half of 2021, they added.Ī possible attack vector for SysJoker is an infected npm package, according to Intezer’s analysis – an increasingly popular vector for dropping malware on targets. It was first seen in December during a cyberattack on a Linux-based web server of a “leading educational institution,” researchers said. This kind of initial access is also a hot commodity on underground cyberforums, where ransomware groups and others can purchase it. Once installed, it can execute follow-on code as well as additional commands, through which malicious actors can carry out follow-on attacks or pivot to move further into a corporate network. These were uploaded to VirusTotal with the suffix “.ts,” which is used for TypeScript files.ĭubbed SysJoker by Intezer, the backdoor is used for establishing initial access on a target machine. ![]() The Windows version, according to a Tuesday writeup from Intezer, has only six detections as of this writing. A brand-new multiplatform malware, likely distributed via malicious npm packages, is spreading under the radar with Linux and Mac versions going fully undetected in VirusTotal, researchers warned. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |