BleepingComputer reports that Israel has been targeted in attacks with an updated Rust-based version of the multi-platform SysJoker malware by the Gaza Cybergang, which is affiliated with Palestinian militant group Hamas.
The variant, first submitted to VirusTotal earlier last month amid the Israel-Hamas war, evaded detection through complex encryption of its code strings, established persistence through PowerShell, maintained command-and-control server communications, and retrieved further payloads, according to a Check Point report.
The updated variant lacked the command execution capabilities known from earlier SysJoker versions, although researchers said such features could return; they also discovered the new "AppMessagingRegistrar" and "DMADevice" iterations of SysJoker.
Meanwhile, researchers attributed the new SysJoker malware to Gaza Cybergang after discovering its use of the "StdRegProv" WMI class in the PowerShell persistence command, as well as similar script commands, API-themed URLs, and data-gathering techniques.
TAG-112 may be a subgroup of Chinese advanced persistent threat group Evasive Panda, also known as TAG-102 and StormBamboo, due to significant similarities in attack tactics, techniques, and procedures, an analysis from Recorded Future's Insikt Group revealed.
After engaging in cyberespionage attacks that involved the distribution of RAR archive lures to deploy the IronWind downloader and Havoc post-exploitation framework, WIRTE proceeded to target numerous Israeli entities with the updated SameCoin Wiper malware in a phishing campaign impersonating an Israeli partner of cybersecurity firm ESET.