A brand-new multiplatform malware, likely distributed via malicious npm packages, is spreading under the radar with Linux and Mac versions going fully undetected in VirusTotal, researchers warned.

The Windows version, according to a Tuesday writeup from Intezer, has only six detections as of this writing. These were uploaded to VirusTotal with the suffix “.ts,” which is used for TypeScript files.

Dubbed SysJoker by Intezer, the backdoor is used for establishing initial access on a target machine. Once installed, it can execute follow-on code as well as additional commands, through which malicious actors can carry out follow-on attacks or pivot to move further into a corporate network. This kind of initial access is also a hot commodity on underground cyberforums, where ransomware groups and others can purchase it.

It was first seen in December during a cyberattack on a Linux-based web server of a “leading educational institution,” researchers said. Looking at its command-and-control (C2) domain registration and other sample data, this trickster appears to have been cooked up in the second half of 2021, they added.

A possible attack vector for SysJoker is an infected npm package, according to Intezer’s analysis – an increasingly popular vector for dropping malware on targets.