Remote Access Trojan

SysJoker

First seen: 2021 • Status: active

Currently Active Threat

SysJoker is a backdoor that runs on Windows, Linux, and macOS and hides its command-and-control (C2) communication in traffic to legitimate cloud services.

Overview

SysJoker is a cross-platform backdoor that targets Windows, Linux, and macOS. It uses legitimate cloud services for C2 and has been linked to APT operations.

Also Known As

Sys Joker

How It Spreads

  • Targeted attacks
  • Spear phishing
  • Supply chain compromise

What It Does

  • Cross-platform backdoor
  • Cloud service C2
  • System reconnaissance
  • Command execution
  • File operations

Target Platforms

Windows, Linux, macOS

Detection Tips

  • Monitor for SysJoker indicators
  • Check for unusual cloud service usage
  • Analyze cross-platform infections
  • Review command execution patterns

MITRE ATT&CK Techniques

T1059, T1102, T1082, T1105

If You're Infected

  1. Remove SysJoker from all platforms
  2. Investigate APT involvement
  3. Review cloud service access
  4. Conduct threat hunt

Related Malware

Pupy, Crosswalk, Adwind
