{"id":182731,"date":"2022-02-01T11:55:55","date_gmt":"2022-02-01T10:55:55","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=182731"},"modified":"2025-07-01T20:57:49","modified_gmt":"2025-07-02T03:57:49","slug":"sysjoker-malware","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/sysjoker-malware\/","title":{"rendered":"New malware SysJoker infects Windows, Mac, and Linux OS"},"content":{"rendered":"\n<p>It seems like malware threats aren\u2019t resting on their laurels in 2022 as another cybersecurity issue has arisen. <strong>Intezer researchers<\/strong> have <strong>discovered<\/strong> <strong>SysJoker<\/strong> that targets Windows, Mac, and Linux OS. Even if you have <a href=\"https:\/\/windows-11.en.softonic.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Windows 11<\/a>, it seems your PC may not be safe from being a target.<\/p>\n\n\n\n<p>While Intezer first discovered SysJoker in December 2021, the researchers took their time studying the cybersecurity threat. This new malware comes in the wake of <a href=\"https:\/\/chrome.en.softonic.com\/articles\/google-warning-chrome-security-flaws\" target=\"_blank\" rel=\"noreferrer noopener\">Google warning about new security flaws in Chrome<\/a> and <a href=\"https:\/\/telegram.en.softonic.com\/articles\/purple-fox-trojan-malware-telegram-installation\" target=\"_blank\" rel=\"noreferrer noopener\">Purple Fox becoming a trojan virus in fake Telegram downloads<\/a>. However, the new SysJoker seems to be more potent, finding a way to evade detection by Linux, Windows, and Mac operating systems.<\/p>\n\n\n\n<p>SysJoker works by <strong>remaining inactive for about two minutes<\/strong> before jumping into action. It creates a directory that looks like it belongs to an Intel graphics interface service while planting the file igfxCUIService.exe. 
From there, the malware uses Living off the Land (LOtL) functions, quietly gathering information about your device.<\/p>\n\n\n\n<p>In summary, the <strong>security threat invades your registry<\/strong> and creates a link to Google Drive where hackers can then drop any payload or malware onto your server or system. If you think your antivirus program will save you, think again. Intezer used 57 anti-malware tools, and SysJoker evaded them all.<\/p>\n\n\n\n<p>It\u2019s not the first malware to show signs of evasion in 2022. <a href=\"https:\/\/en.softonic.com\/articles\/moonbounce-malware-survives-os-reinstallations\" target=\"_blank\" rel=\"noreferrer noopener\">MoonBounce has found a way to survive OS reinstalls<\/a> by <strong>infecting the UEFI firmware<\/strong>. If there\u2019s anything we need to learn about cybersecurity this year, it\u2019s that we\u2019ll need to be more vigilant with what we browse, download and install. To that end, please read our <a href=\"https:\/\/en.softonic.com\/articles\/easy-free-ways-to-be-safe-online\" target=\"_blank\" rel=\"noreferrer noopener\">guide for easy steps to be safe online<\/a> this year.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It seems like malware threats aren\u2019t resting on their laurels in 2022 as another cybersecurity issue has arisen. Intezer researchers have discovered SysJoker that targets Windows, Mac, and Linux OS. Even if you have Windows 11, it seems your PC may not be safe from being a target. 
While Intezer first discovered SysJoker in December &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/en\/sysjoker-malware\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;New malware SysJoker infects Windows, Mac, and Linux OS&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9205,"featured_media":182747,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[3149],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-182731","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectionwindows-11"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/182731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9205"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=182731"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/182731\/revisions"}],"predecessor-version":[{"id":324466,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/182731\/revisions\/324466"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/182747"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=182731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=182731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-a
rticles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=182731"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=182731"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=182731"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=182731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}