Windows and macOS users are being targeted with JaskaGO, a rare instance of cross-platform malware capable of data exfiltration, second-stage malware deployment, and more, experts have warned.
According to AT&T Alien Labs, which uncovered the threat, JaskaGO is written in the Go programming language, and is equipped with an “extensive array of commands from its command-and-control (C&C) server.”
While methods of delivery differ, the researchers said that for Apple users, JaskaGo is impersonating CapCut and AnyConnect installers, among others.
Tracking the clipboard for crypto payments
Once installed, the malware will first run tests to see if it’s operating in a sandbox. If it discovers being opened in a virtual machine environment, it will run meaningless tasks to avoid being flagged as malicious. If, on the other hand, it deems the environment a legitimate target, it will grab system data and try to connect to its C2.
The malware is capable of a variety of actions, including running shell commands, enumerating running processes, and downloading additional malware. It can also track the clipboard for cryptocurrency wallet addresses.
Usually, crypto users would make transactions by copying and pasting the recipient’s address (as it’s a long string of seemingly random characters that is almost impossible to memorize) into an app or a service. By tracking the clipboard, the malware can inject the attacker’s address, making the victim paste the wrong string and send the funds to an attacker-controlled wallet.
“On macOS, JaskaGO employs a multi-step process to establish persistence within the system,” security researcher Ofer Caspi told TheHackerNews.
At this point, AT&T Alien Labs’ researchers don’t know how JaskaGo is being delivered to most users, and if any phishing or social engineering is involved. They also can’t estimate the number of infected devices at this point.
“JaskaGO contributes to a growing trend in malware development leveraging the Go programming language,” Caspi added. “Go, also known as Golang, is recognized for its simplicity, efficiency, and cross-platform capabilities. Its ease of use has made it an attractive choice for malware authors seeking to create versatile and sophisticated threats.”
More from TechRadar Pro
- These fake Android antivirus apps install a dangerous banking trojan
- Here’s a list of the best firewalls today
- These are the best endpoint protection services right now
At TechRookies.com will strive to help turn Tech Rookies into Pros!
Want more articles click Here!
Deals on Homepage!
Subscribe to our newsletters. Here! On the homepage
Tech Rookies Music Here!
Disclaimer: I get commissions for purchases made through links in this post at no charge to you and thanks for supporting Tech Rookies.
Disclosure: Links contain affiliates. When you buy through one of our links we will receive a commission. This is at no cost to you. Thank you for supporting Teachrookies.com
Disclaimer: This article is for information purposes and should not be considered professional investment advice. It contains some forward-looking statements that should not be taken as indicators of future performance. Every investor has a different risk profile and goals. All investments have risks. Always do your own research or hire an expert before investing and trading.