Bobcares

SysJoker Backdoor Malware: How to stay safe

Jan 13, 2022

SysJoker Backdoor malware giving you sleepless nights? Read on to find out what our experts suggest.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team is ready to help customers with SysJoker backdoor infection.

SysJoker Backdoor

If you have been following the latest happenings in the technology world, you may have already heard about SysJoker, a new multi-platform malware. According to our Cybersecurity experts at Bobcares, it is a backdoor with separate builds for Windows, macOS and Linux, and at the time of its discovery its samples were going largely undetected by antivirus engines.

The backdoor was first noticed in December 2021 by a security software firm (Intezer). Based on the registration date of its command and control (C2) domain and on the samples themselves, the SysJoker campaign is believed to have begun in the second half of 2021.

In a nutshell, it first establishes a foothold on the machine and then waits for its operators to send additional code or commands to execute.

Modus Operandi: SysJoker

Since each version of the malware targets a different operating system in its own way, we need to look at each one in detail.

SysJoker behaves differently on each operating system. The Windows version starts with a first-stage dropper, which is a DLL. The dropper runs PowerShell to download the SysJoker zip archive from a GitHub repository, unzip it into C:\ProgramData\RecoverySystem\ and finally execute the payload.

Once installed, SysJoker can run follow-on code and additional commands that carry out further attacks or move laterally into the network. That initial access capability is what makes SysJoker something to watch out for.

After collecting system and network data, SysJoker sets up persistence by adding an entry under the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Throughout these steps, the malware inserts random sleep periods between actions.

SysJoker then locates its C2 server through a hardcoded Google Drive link.

The link points to a file named domain.txt that holds the current C2 domain, so the operators can keep a live server available for the beaconing backdoor. Because the file can be updated at any time, the C2 domain can be swapped out whenever one gets blocked or detected.

From that point, the C2 server can instruct the malware to download and run additional malware, execute commands on the machine, or remove the backdoor from the device. Interestingly, the latter two commands had not yet been implemented in the analyzed samples.


SysJoker Backdoor commands

How to stay clear of SysJoker Backdoor Malware

If a system is infected, here is how to clean it up and stay safe afterwards:

  • Kill all processes tied to SysJoker, then remove every persistence mechanism and file that belongs to it.
  • Run a memory scanner to verify that the device is clean.
  • Investigate the initial entry point of the malware. If a server was infected:
    • Check the configuration status and password complexity of all publicly facing services immediately.
    • Check every software version in use against known exploits.
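The following PowerShell script is an added example, not code from the original post or from the firm that analyzed the malware. It ties the Windows artifacts described in the Modus Operandi section (the C:\ProgramData\RecoverySystem drop directory and the HKCU Run-key persistence) to the first cleanup step above: it reports any Run value referencing that directory, any process executing from it and any file inside it, and only with -Remediate does it kill, remove and delete them in that order. It assumes nothing about the exact file names or the Run-value name, which the post does not give, so anything under that directory or referencing it is treated as suspect; it covers only the Windows build.

```powershell
<#
  SysJoker Windows triage (added example; not code from the original post or from Intezer).
  Looks only for the artifacts named in the write-up above:
    - the drop directory  C:\ProgramData\RecoverySystem
    - HKCU ...\Run values that launch something from that directory
    - running processes whose executable lives in that directory
  Assumption: the exact file names and Run-value name are unknown here, so anything
  under that directory, or any Run value referencing it, is treated as suspect.
  Run from an elevated prompt. Without -Remediate it only reports.
#>
[CmdletBinding()]
param(
    [switch]$Remediate
)

$SuspectDir = Join-Path $env:ProgramData 'RecoverySystem'
$RunKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# Properties PowerShell adds to every registry item; they are not real Run entries.
$MetaProps  = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$findings = [System.Collections.Generic.List[object]]::new()

# 1. Persistence: any Run value whose command line references the drop directory.
if (Test-Path $RunKey) {
    foreach ($prop in (Get-ItemProperty -Path $RunKey).PSObject.Properties) {
        if ($MetaProps -contains $prop.Name) { continue }
        if ("$($prop.Value)" -like "*$SuspectDir*") {
            $findings.Add([pscustomobject]@{ Type = 'RunKey'; Name = $prop.Name; Detail = $prop.Value; Id = $null })
        }
    }
}

# 2. Processes executing from the drop directory (Path is empty for protected/system processes).
foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
    if ($p.Path -and $p.Path.StartsWith($SuspectDir, [System.StringComparison]::OrdinalIgnoreCase)) {
        $findings.Add([pscustomobject]@{ Type = 'Process'; Name = $p.ProcessName; Detail = $p.Path; Id = $p.Id })
    }
}

# 3. Dropped files, hashed so the IOCs can be recorded before anything is deleted.
if (Test-Path $SuspectDir) {
    foreach ($f in Get-ChildItem -Path $SuspectDir -Recurse -File -Force) {
        $hash = (Get-FileHash -Algorithm SHA256 -Path $f.FullName -ErrorAction SilentlyContinue).Hash
        $findings.Add([pscustomobject]@{ Type = 'File'; Name = $f.Name; Detail = "$($f.FullName) sha256=$hash"; Id = $null })
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No SysJoker artifacts found (no drop directory, Run-key entry or process).'
    return
}

$findings | Select-Object Type, Name, Detail | Format-Table -AutoSize -Wrap

if (-not $Remediate) {
    Write-Host 'Report only. Re-run with -Remediate to kill the processes, remove the Run value(s) and delete the directory.'
    return
}

# Same order as the cleanup steps above: stop the process first so it cannot
# re-create the persistence entry or the files that are removed next.
foreach ($f in $findings | Where-Object Type -eq 'Process') {
    Stop-Process -Id $f.Id -Force -ErrorAction SilentlyContinue
}
foreach ($f in $findings | Where-Object Type -eq 'RunKey') {
    Remove-ItemProperty -Path $RunKey -Name $f.Name -ErrorAction SilentlyContinue
}
if (Test-Path $SuspectDir) {
    Remove-Item -Path $SuspectDir -Recurse -Force -ErrorAction SilentlyContinue
}
Write-Host 'Cleanup attempted. Verify with a memory scan, then investigate the initial entry point.'
```

Run it once without -Remediate and save the output (including the SHA256 hashes) before cleaning up, so the evidence survives for the entry-point investigation. Because the HKCU key is per user, run the report under each user account that logs on to the machine, or adapt the key path to the HKEY_USERS hives. A clean report from this script is not proof of a clean machine: it checks only the artifacts described above, so the memory scan in step two is still required.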

If you have been unlucky enough to fall victim to SysJoker, our Support Team is here to help.

[Looking for a solution to another query? We are just a click away.]

Conclusion

To sum up, our skilled Support Engineers at Bobcares explained how SysJoker works and how to manage a SysJoker backdoor infection.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED
