Hamas-Linked Group Revives SysJoker Malware, Leverages OneDrive

Check Point Research has discovered a new version of the multi-platform backdoor SysJoker, which is capable of targeting Windows, macOS, and Linux systems. According to their report, this malware variant is being used by a Hamas-affiliated advanced persistent threat group to attack Israel. The malware has been completely rewritten but maintains its functionality, and now uses OneDrive instead of Google Drive for storing dynamic C2 URLs.