
SysJoker backdoor exploited in Israeli-Palestinian conflict


The areas of the Israeli-Palestinian conflict are, at least temporarily, in a phase of respite. Despite this, the war continues to rage in the digital sphere.

In fact, computer security researchers have identified and cataloged the activity of a backdoor called SysJoker, likely exploited by an attacker somehow connected with Hamas to attack Israel.

The malware, written in the Rust language, has been analyzed and cataloged by experts at Check Point. The same researchers discovered that it is using OneDrive to store dynamic C2 URLs. This is new: when the backdoor was discovered in January 2022, Google Drive was used for this purpose.

Several features of SysJoker are of concern to cybersecurity experts. First of all is its multiplatform nature, which makes the malicious agent capable of acting on all the main operating systems in circulation.

SysJoker is a cross-platform backdoor that exploits OneDrive during its activities

Furthermore, the backdoor adopts a highly effective evasive tactic, with the infection phases taking place at random time intervals, disorienting sandbox analysis techniques.

In addition, according to the researchers, the change from Google Drive to OneDrive has allowed the cybercriminals to create a bit of confusion, giving them a small advantage over defenders. Not only that: among the SysJoker samples analyzed in Windows environments, small differences in behavior were noted. This means that, in all likelihood, the hackers are working on different variants of the malware.

The use of cyberattacks in the context of the war between Israel and Palestine (and beyond) is certainly nothing new. In fact, just a few days ago, researchers discovered that Hamas was exploiting the BiBi malware, of Iranian origin, to attack the Israeli army.
