This dangerous malware affects nearly all devices, and somehow remained undetected until now

Image of padlock against circuit board/cybersecurity background
(Image credit: Future)

Cybersecurity researchers have uncovered a Remote Access Trojan (RAT), that’s been flying under antivirus programs’ radars for at least half a year and targeting, at least, education institutions.

As reported by Ars Technica, the RAT’s been dubbed SysJoker by researchers from Intezer who discovered it. When they first discovered it, on a Linux-based Webserver belonging to a “leading educational institution”, they learned it was written from scratch.

They don’t know who built it, when they built it, or how they distribute it. Their best guess is that it was built in the second half of last year, by an advanced threat actor with “significant resources”. They came to this conclusion knowing the fact that fully cross-platform malware, with four separate C2 servers, are a rare sight.

Removing SysJoker

As for the distribution, they speculate that the educational institution in question installed it on its endpoint through a malicious npm package. They are confident the attackers did not exploit any flaws in the target’s systems, but rather tricked somebody into installing it. There’s a good chance the attackers aren’t casting a wide net, but are rather engaged in “ espionage together with lateral movement which might also lead to a ransomware attack as one of the next stages,” against specific targets.

The malware is written in C++, and is yet to be added to the VirusTotal malware search engine. It also seems to be quite potent, as it can create files, add registry commands, install further malware, run commands on the infected device, or even shut itself off.

As the RAT is yet to be added to the virus database, system administrators who discover the infection need to remove the malware manually. According to iTechPost, that’s a three-step process: 1) eliminate the malware’s persistence mechanism, manually delete all the affected files and kill all the malware-related programs; 2) run a memory scanner to ensure all malicious files have been removed; 3) check if all software tools are updated, tighten up firewall settings, and investigate possible access points.

Via: Ars Technica

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
Close up of the Linux penguin.
A new Linux backdoor is hitting US universities and governments
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Juniper VPN gateways targeted by stealthy "magic" malware
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
Opera AI Tabs
Opera's new AI feature brings order to your browser tab chaos
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode