JaskaGO: New Malware Threat Stalks Windows & macOS
Researchers have disclosed the discovery of a novel cross-platform Go malware, JaskaGO, designed for information theft and targeting systems running Windows and macOS.
The first traces of the macOS version of JaskaGO were observed in July 2023, when the malware masqueraded as installers for various legitimate software, such as CapCut, AnyConnect, and cybersecurity tools.
Experts at AT&T Alien Labs, who uncovered the malicious software, report that it supports a comprehensive array of commands from a control server.
Once installed on a victim’s machine, JaskaGO checks whether it is operating on a virtual machine, and if so, performs a harmless task, like pinging Google, to avoid detection.
If everything is normal, JaskaGO collects information about the victim’s system and establishes a connection with its command server to receive further instructions, including executing shell commands, creating a list of running processes, and downloading additional payloads.
Moreover, the stealer can modify data in the clipboard, replacing cryptocurrency wallet addresses with those owned by hackers, and steal files and data from browsers.
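The clipboard swap described above is a behaviour a defender can watch for in user space: the text still looks like a wallet address, but its value is no longer what the user copied. The following is an added example, not JaskaGO's code nor Alien Labs' detection logic; the address patterns are simplified (no checksum validation) and the sample addresses are constructed.

```python
"""Heuristic clipboard-hijack ("clipper") detector for the swap behaviour above."""
import re
import time

# Assumption: simplified syntactic patterns only. Production code should also
# validate checksums (Base58Check / bech32 / EIP-55) to reduce false positives.
ADDRESS_PATTERNS = {
    "btc_p2pkh_p2sh": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[ac-hj-np-z02-9]{25,62}\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}


def extract_addresses(text):
    """Map address kind -> set of address strings found in text."""
    found = {}
    for kind, pattern in ADDRESS_PATTERNS.items():
        hits = set(pattern.findall(text))
        if hits:
            found[kind] = hits
    return found


def detect_swap(copied, current):
    """Return (kind, original, replacement) if an address was swapped, else None.

    A clipper keeps the clipboard looking like an address but changes its value,
    so a same-kind address the user never copied is the signal.
    """
    before, after = extract_addresses(copied), extract_addresses(current)
    for kind, originals in before.items():
        for replacement in sorted(after.get(kind, set()) - originals):
            return kind, sorted(originals)[0], replacement
    return None


def monitor(read_clipboard, interval=0.5, rounds=None):
    """Poll a clipboard-reading callable and yield swap events.

    read_clipboard is injected (e.g. lambda: pyperclip.paste()) so the logic
    can run offline; rounds=None polls forever.
    """
    last = read_clipboard()
    n = 0
    while rounds is None or n < rounds:
        time.sleep(interval)
        n += 1
        now = read_clipboard()
        if now != last:
            event = detect_swap(last, now)
            if event:
                yield event
            last = now
```

A hit only means a same-type address appeared that the user did not copy; the user pasting a second address also triggers it, so treat it as an alert to verify, not proof of infection.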
It is reported that the version of the malware intended for Apple devices uses a multi-stage process to establish itself in the system. Notably, the malware can launch itself with root privileges, disable Gatekeeper protection, and create its own launch daemons to ensure it starts automatically with each system boot.
Researchers are currently unaware of how JaskaGO is being distributed, whether through phishing or malicious advertising campaigns.
“JaskaGO contributes to a growing trend in malware development leveraging the Go programming language,” conclude the specialists. “Employing sophisticated anti-VM tactics, JaskaGO sidesteps automatic analysis, making it a formidable challenge for detection. Its persistence mechanisms reveal a determined effort to embed itself within systems, while its stealer capabilities transform the malware into a dangerous threat, extracting sensitive information from unsuspecting victims.”