The new cross-platform “SysJoker” exploit can now infect machines running different OSes.
Interestingly, this exploit uses a Universal Binary, allowing it to run on both Intel and Apple Silicon Macs. The code is signed with an ad-hoc certificate. New certificates could be used in the future.
The files and directories created by SysJoker include: AppleInsider
The persistence code is under the path Library/LaunchAgents/com.apple.update.plist. If the files are found on a Mac, it is advised to kill off all related processes and delete the files.
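A read-only check for the persistence file named above, as an added example that is not part of the original article: it looks for the plist under each base directory and reports which executable launchd would start from it, so the related process and files can be identified before cleanup. It assumes the path is relative to the system root or to a user's home under /Users; `find_persistence`, `launch_target` and `default_bases` are hypothetical helper names.

```python
import plistlib
from pathlib import Path

# Relative path reported on this page for the persistence plist.
PLIST_REL = Path("Library/LaunchAgents/com.apple.update.plist")

def launch_target(plist):
    """Return the executable a launchd job runs (Program, else ProgramArguments[0])."""
    if plist.get("Program"):
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else None

def find_persistence(bases):
    """Check each base directory for the plist and describe what it launches."""
    findings = []
    for base in map(Path, bases):
        path = base / PLIST_REL
        if not path.is_file():
            continue
        finding = {"plist": str(path), "label": None, "target": None,
                   "run_at_load": False, "error": None}
        try:
            with path.open("rb") as fh:
                data = plistlib.load(fh)  # handles XML and binary plists
            finding["label"] = data.get("Label")
            finding["target"] = launch_target(data)
            finding["run_at_load"] = bool(data.get("RunAtLoad"))
        except Exception as exc:  # an unreadable plist is still a finding
            finding["error"] = f"{type(exc).__name__}: {exc}"
        findings.append(finding)
    return findings

def default_bases():
    """Assumption: system root plus each home under /Users (macOS layout)."""
    users = Path("/Users")
    homes = [p for p in users.iterdir() if p.is_dir()] if users.is_dir() else []
    return [Path("/")] + homes

if __name__ == "__main__":
    for f in find_persistence(default_bases()):
        print(f)
```

The script changes nothing on disk; the reported `target` is the file to inspect and the process name to look for before removing anything.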
Developer: Avoid opening files from untrusted sources.
QA engineer: Avoid opening files from untrusted sources.
PM/DM: Avoid opening files from untrusted sources.