A newly discovered cross-platform threat named JaskaGO has surfaced as a Go-based information stealer malware, impacting both Windows and Apple macOS systems. AT&T Alien Labs identified the malware, noting its extensive command set received from a command-and-control (C&C) server.
The macOS variant of JaskaGO was first identified in July 2023, disguised as installers for legitimate software such as CapCut, AnyConnect, and security tools. Once installed, the malware checks whether it is running inside a virtual machine (VM); if it is, it performs benign tasks such as pinging Google to avoid drawing attention.
JaskaGO is capable of harvesting information from the victim system, connecting to its C&C server for further instructions. Its functionalities include executing shell commands, enumerating running processes, downloading additional payloads, modifying the clipboard for cryptocurrency theft, and extracting files and data from web browsers.
On macOS, JaskaGO implements a multi-step process for persistence within the system, running with root permissions, disabling Gatekeeper protections, and creating a custom launch daemon for automatic startup during system boot.
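As an added defender-side example (not code from the AT&T Alien Labs report or from the malware), the script below audits a macOS LaunchDaemon plist for the persistence pattern described above, a daemon that starts at boot and keeps alive a binary from an unusual location, and parses `spctl --status` output to confirm whether Gatekeeper has been disabled. The plist contents and the trusted path prefixes are constructed assumptions, not indicators from the page.

```python
import plistlib

# Assumed allow-list of locations where a legitimate daemon binary normally lives.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")


def audit_launch_daemon(plist_bytes: bytes) -> list:
    """Return a list of findings for one LaunchDaemon plist (empty list = nothing flagged)."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:  # malformed XML or binary plist
        return ["unparseable plist"]
    findings = []
    # launchd runs either Program or the first element of ProgramArguments.
    program = job.get("Program") or (job.get("ProgramArguments") or [None])[0]
    if not program:
        return ["no Program/ProgramArguments"]
    if not program.startswith(TRUSTED_PREFIXES):
        findings.append("executable outside trusted prefixes: " + program)
    if job.get("RunAtLoad") and job.get("KeepAlive"):
        findings.append("RunAtLoad+KeepAlive: starts at boot and relaunches if killed")
    label = str(job.get("Label", ""))
    if label.startswith("com.apple.") and not program.startswith(("/System/", "/usr/")):
        findings.append("Apple-looking label for non-Apple binary: " + label)
    return findings


def gatekeeper_disabled(spctl_status_output: str) -> bool:
    """True when the text of `spctl --status` reports that assessments are disabled."""
    return "assessments disabled" in spctl_status_output.lower()


# Constructed sample: a boot-time daemon that relaunches a binary under /private/tmp.
SUSPICIOUS_DAEMON = plistlib.dumps({
    "Label": "com.apple.example.constructed",  # constructed label, not a real Apple job
    "ProgramArguments": ["/private/tmp/.helper/updater", "--daemon"],
    "RunAtLoad": True,
    "KeepAlive": True,
})
# Constructed sample of an ordinary system daemon that should produce no findings.
BENIGN_DAEMON = plistlib.dumps({
    "Label": "com.example.backup",
    "Program": "/usr/local/bin/backupd",
    "RunAtLoad": True,
})

if __name__ == "__main__":
    for finding in audit_launch_daemon(SUSPICIOUS_DAEMON):
        print("finding:", finding)
    print("gatekeeper disabled:", gatekeeper_disabled("assessments disabled"))
```

On a live system the same functions can be fed the bytes of each file under /Library/LaunchDaemons and the output of `spctl --status`.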
The distribution method of the malware remains unknown, and the extent of the campaign is yet to be determined. JaskaGO aligns with the increasing trend in malware development utilizing the Go programming language (Golang) due to its simplicity, efficiency, and cross-platform capabilities, making it an attractive choice for creating versatile and sophisticated threats.