A new multi-platform backdoor malware named 'SysJoker' has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems.
The discovery of the new malware comes from researchers at Intezer, who first saw signs of its activity in December 2021 while investigating an attack on a Linux-based web server.
The first uploads of the malware sample on VirusTotal occurred in H2 2021, which also aligns with the C2 domain registration times.
The security analysts have now published a detailed technical report on SysJoker, which they shared with Bleeping Computer before publication.
The malware is written in C++, and while each variant is tailored for the targeted operating system, they are all undetected on VirusTotal, an online malware scanning site that uses 57 different antivirus detection engines.
The malware then sleeps for up to two minutes before creating a new directory and copying itself there, masquerading as the Intel Graphics Common User Interface Service ("igfxCUIService.exe").