Rust-based SysJoker Backdoor

Rust-based SysJoker Backdoor: A New Wave of Malware Targeting Multiple Platforms

The emergence of Rust-based SysJoker malware marks a significant threat to users across Windows, Linux, and Mac platforms. Initially identified by Intezer in 2022, this multi-platform backdoor has been used in targeted attacks by a Hamas-affiliated APT against Israel. Notably, SysJoker demonstrates a shift in tactics, including the use of OneDrive for dynamic command-and-control (C2) server URLs, which bypasses traditional reputation-based services.

Evolution of SysJoker

Recent findings by Check Point researchers shed light on the Rust-based SysJoker backdoor and its complex execution flow. The malware uses unpredictable sleep intervals, possibly as an anti-analysis tactic. Its use of OneDrive lets attackers easily update the C2 server address, which poses a significant challenge for defenders.
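Because the C2 address is read from OneDrive, blocking on the reputation of the first request does not help; what can be observed is the sequence that follows it. The sketch below is an added example, not code from the Check Point or Intezer research. It assumes a proxy/EDR event format of (time, host, process, destination), a hypothetical list of expected OneDrive clients, a baseline of known destinations, and a 10-minute correlation window.

```python
from datetime import datetime, timedelta

# Assumptions for this example: field layout, client allowlist, window length.
ONEDRIVE_SUFFIXES = ("onedrive.live.com", "1drv.ms")
EXPECTED_CLIENTS = {"onedrive.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
WINDOW = timedelta(minutes=10)

# Constructed sample events: (time, host, process, destination)
EVENTS = [
    ("2023-10-20T09:00:00", "ws-01", "onedrive.exe", "onedrive.live.com"),
    ("2023-10-20T09:01:00", "ws-01", "onedrive.exe", "api.example-cdn.test"),
    ("2023-10-20T09:05:00", "ws-02", "updater.exe", "onedrive.live.com"),
    ("2023-10-20T09:07:30", "ws-02", "updater.exe", "203.0.113.25"),
    ("2023-10-20T09:30:00", "ws-03", "helper.exe", "1drv.ms"),
    ("2023-10-20T10:30:00", "ws-03", "helper.exe", "198.51.100.7"),
    ("2023-10-20T09:40:00", "ws-04", "backup.exe", "onedrive.live.com"),
    ("2023-10-20T09:41:00", "ws-04", "backup.exe", "intranet.corp.test"),
]
BASELINE = {"intranet.corp.test", "api.example-cdn.test"}  # destinations seen before


def is_onedrive(dest):
    """True if dest is a OneDrive domain or a subdomain of one."""
    return any(dest == s or dest.endswith("." + s) for s in ONEDRIVE_SUFFIXES)


def find_dead_drop_pattern(events, baseline, window=WINDOW):
    """Flag a process outside the expected clients that reads OneDrive and then,
    within `window`, contacts a destination absent from the baseline."""
    last_fetch = {}  # (host, process) -> time of most recent OneDrive request
    alerts = []
    for ts, host, proc, dest in sorted(events):  # ISO timestamps sort by time
        t = datetime.fromisoformat(ts)
        key = (host, proc.lower())
        if is_onedrive(dest):
            if key[1] not in EXPECTED_CLIENTS:
                last_fetch[key] = t
            continue
        fetched = last_fetch.get(key)
        if fetched and t - fetched <= window and dest not in baseline:
            alerts.append((host, proc, dest, int((t - fetched).total_seconds())))
    return alerts


if __name__ == "__main__":
    for alert in find_dead_drop_pattern(EVENTS, BASELINE):
        print(alert)
```

The ws-03 case shows the limit of a fixed window: the unpredictable sleep intervals described above can push the follow-up connection outside it, so the window is a tuning decision rather than a guarantee.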

The malware’s capability to gather crucial system information like Windows version, username, and MAC address has been noted. However, the latest Rust version shows a deviation from its predecessors, lacking the ability to download and execute remote files.

Windows Variants of SysJoker

Two additional SysJoker samples have been discovered, displaying increased complexity compared to the Rust variant. These samples, written in C++, involve a multi-stage execution flow, indicating an evolution in the malware’s development.

Link to Hamas Hackers and Operation Electric Powder

The connection between the SysJoker backdoor and ‘Operation Electric Powder,’ dating back to 2016-2017, has been established. This operation, involving cyber-attacks targeting Israel, is believed to be orchestrated by the Hamas-affiliated ‘Gaza Cybergang.’ The new SysJoker variant, submitted to VirusTotal in October 2023, aligns with the escalation of tensions between Israel and Hamas.

SysJoker’s primary function involves fetching and loading additional payloads, with its communication primarily handled through a OneDrive URL. Despite its advanced capabilities, the malware currently lacks command execution features seen in earlier versions.


While the full extent of SysJoker’s impact and its definitive ties to the Hamas-affiliated group remain under investigation, its emergence underscores the evolving landscape of cybersecurity threats. Users across multiple platforms must remain vigilant against such sophisticated malware.

Cogeanu Marius