JaskaGO: The Cross-Platform Information Stealer Threatens Windows and macOS

Dec 20, 2023 | News

A new Go-based information stealer malware, known as JaskaGO, has emerged as a significant cross-platform threat, capable of infiltrating both Windows and Apple macOS systems.
 
Discovered by AT&T Alien Labs, the malware supports a wide range of commands issued by its command-and-control (C&C) server, making it a versatile and sophisticated threat.
 
Artifacts designed for macOS were first observed in July 2023, with the malware disguising itself as installers for legitimate software such as CapCut, AnyConnect, and security tools. Upon installation, JaskaGO checks whether it is running within a virtual machine (VM) environment and, if so, executes harmless tasks to evade detection.


In addition to harvesting information from victim systems and establishing connections to its C&C for further instructions, JaskaGO is capable of executing shell commands, enumerating running processes, and downloading additional payloads. It can also modify the clipboard to facilitate cryptocurrency theft by substituting wallet addresses, and it can siphon files and data from web browsers.
 
Security researcher Ofer Caspi highlighted JaskaGO’s multi-step process to establish persistence within macOS systems, including running itself with root permissions, disabling Gatekeeper protections, and creating a custom launch daemon to ensure automatic startup during system boot.
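
A defender-side triage sketch for the persistence pattern described above (Gatekeeper disabled plus a root launch daemon that starts at boot), added here as an example and not taken from AT&T Alien Labs or the source article. It works on saved `spctl --status` output and launch daemon plist bytes; the plist names, paths and the system-prefix list are constructed assumptions.

```python
import plistlib

# Heuristic assumption: binaries under these prefixes ship with macOS itself.
SYSTEM_PREFIXES = ("/System/", "/usr/libexec/", "/usr/sbin/", "/usr/bin/", "/sbin/", "/bin/")
# The pattern from the article: a root job that auto-starts a non-system binary.
PATTERN = {"non_system_program", "auto_start", "root"}

def gatekeeper_disabled(spctl_status):
    """Interpret saved output of `spctl --status`."""
    return "assessments disabled" in spctl_status.lower()

def daemon_tags(plist_bytes):
    """Return a set of tags describing one /Library/LaunchDaemons plist."""
    try:
        job = plistlib.loads(plist_bytes)
        args = job.get("ProgramArguments")
    except Exception:  # parse error or non-dict root: surface the file, don't crash
        return {"unparseable"}
    first_arg = args[0] if isinstance(args, list) and args else ""
    program = str(job.get("Program") or first_arg)
    tags = set()
    if not program.startswith(SYSTEM_PREFIXES):
        tags.add("non_system_program")
    if job.get("RunAtLoad") is True or job.get("KeepAlive"):
        tags.add("auto_start")
    if job.get("UserName", "root") == "root":  # launch daemons default to root
        tags.add("root")
    return tags

def triage(spctl_status, plists):
    """Map plist name -> 'high' or 'review' for jobs an analyst should inspect."""
    level = "high" if gatekeeper_disabled(spctl_status) else "review"
    flagged = {}
    for name, data in plists.items():
        tags = daemon_tags(data)
        if tags == {"unparseable"} or PATTERN <= tags:
            flagged[name] = level
    return flagged

# Constructed sample data (labels and paths are made up for this example).
SAMPLE_PLISTS = {
    "com.example.updater.plist": plistlib.dumps(
        {"Label": "com.example.updater", "RunAtLoad": True,
         "ProgramArguments": ["/Users/Shared/.cache/updater", "--daemon"]}),
    "com.example.sysjob.plist": plistlib.dumps(
        {"Label": "com.example.sysjob", "RunAtLoad": True,
         "Program": "/usr/libexec/examplejobd"}),
}
```

Legitimate third-party daemons under `/Library` will also be flagged for review, so the output is a list for an analyst to check (code signature, install date, parent installer), not a verdict.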



Caspi also noted the growing trend in malware development leveraging the Go programming language, citing its simplicity, efficiency, and cross-platform capabilities as attractive features for malware authors seeking to create versatile and sophisticated threats.
 
The distribution method of JaskaGO and the scale of the campaign remain unclear at this time, raising concerns about the potential impact of this emerging threat. 


Source: thehackernews.com
