1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This dangerous malware affects nearly all devices, and somehow re

    From TechnologyDaily@1337:1/100 to All on Mon Jan 17 16:15:04 2022
    This dangerous malware affects nearly all devices, and somehow remained undetected until now

    Date:
    Mon, 17 Jan 2022 15:51:36 +0000

    Description:
    A new RAT affects Windows, macOS and Linux devices, but has gone under the radar.

    FULL STORY ======================================================================

    Cybersecurity researchers have uncovered a Remote Access Trojan (RAT), thats been flying under antivirus programs radars for at least half a year and targeting, at least, education institutions.

    As reported by Ars Technica, the RATs been dubbed SysJoker by researchers
    from Intezer who discovered it. When they first discovered it, on a Linux-based Webserver belonging to a leading educational institution, they learned it was written from scratch.

    They dont know who built it, when they built it, or how they distribute it. Their best guess is that it was built in the second half of last year, by an advanced threat actor with significant resources. They came to this
    conclusion knowing the fact that fully cross-platform malware , with four separate C2 servers, are a rare sight. Removing SysJoker

    As for the distribution, they speculate that the educational institution in question installed it on its endpoint through a malicious npm package. They are confident the attackers did not exploit any flaws in the targets systems, but rather tricked somebody into installing it. Theres a good chance the attackers arent casting a wide net, but are rather engaged in espionage together with lateral movement which might also lead to a ransomware attack
    as one of the next stages, against specific targets.

    The malware is written in C++, and is yet to be added to the VirusTotal malware search engine. It also seems to be quite potent, as it can create files, add registry commands, install further malware, run commands on the infected device, or even shut itself off.

    As the RAT is yet to be added to the virus database, system administrators
    who discover the infection need to remove the malware manually. According to iTechPost , thats a three-step process: 1) eliminate the malwares persistence mechanism, manually delete all the affected files and kill all the malware-related programs; 2) run a memory scanner to ensure all malicious files have been removed; 3) check if all software tools are updated, tighten up firewall settings, and investigate possible access points. You might also want to check out our list of the best business VPN out there

    Via: Ars Technica



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-dangerous-malware-affects-nearly-all-devic es-and-somehow-remained-undetected-until-now/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)