Cybersecurity researchers have uncovered a new form of malware that can create backdoors on Windows, Linux and macOS operating systems, providing hackers with full access to compromised systems. 

The malware has been detailed by researchers at Intezer, who have named it SysJoker. It was discovered while they were investigating an attack against a Linux-based web server at an undisclosed educational institution in December. SysJoker wasn't the malware behind the attack being investigated – but it was already present on the servers. 

The nature of SysJoker and the way it's designed to provide a backdoor into systems – with the ability to run commands, download and upload files – suggests the goal for those delivering it could be espionage, but it could also be utilised as a tool for delivering additional malware to compromised systems.

SEE: A winning strategy for cybersecurity (ZDNet special report)

"Based on the malware's capabilities we assess that the goal of the attack is espionage together with lateral movement that might also lead to a ransomware attack as one of the next stages," Avigayil Mechtinger, cybersecurity researcher at Intezer, told ZDNet. 

SysJoker compromises victim devices by masquerading as a system update for Linux and MacOS, while in the Windows version it masquerades as Intel drivers. It's unclear how the phoney driver updates are delivered to victims, but the nature of the updates means that users are likely to follow the instructions to install them.  

Researchers note that the names of the update names like "updateMacOs" and "updateSystem" are relatively generic, which is something that could potentially arouse suspicion.