Windows and macOS users are being targeted with JaskaGO, a rare instance of cross-platform malware capable of data exfiltration, second-stage malware deployment, and more, experts have warned.
According to AT&T Alien Labs, which uncovered the threat, JaskaGO is written in the Go programming language, and is equipped with an “extensive array of commands from its command-and-control (C&C) server."
While methods of delivery differ, the researchers said that for Apple users, JaskaGo is impersonating CapCut and AnyConnect installers, among others.
Tracking the clipboard for crypto payments
Once installed, the malware will first run tests to see if it’s operating in a sandbox. If it discovers being opened in a virtual machine environment, it will run meaningless tasks to avoid being flagged as malicious. If, on the other hand, it deems the environment a legitimate target, it will grab system data and try to connect to its C2.
The malware is capable of a variety of actions, including running shell commands, enumerating running processes, and downloading additional malware. It can also track the clipboard for cryptocurrency wallet addresses.
Usually, crypto users would make transactions by copying and pasting the recipient’s address (as it’s a long string of seemingly random characters that is almost impossible to memorize) into an app or a service. By tracking the clipboard, the malware can inject the attacker’s address, making the victim paste the wrong string and send the funds to an attacker-controlled wallet.
"On macOS, JaskaGO employs a multi-step process to establish persistence within the system," security researcher Ofer Caspi told TheHackerNews.
At this point, AT&T Alien Labs’ researchers don’t know how JaskaGo is being delivered to most users, and if any phishing or social engineering is involved. They also can’t estimate the number of infected devices at this point.
"JaskaGO contributes to a growing trend in malware development leveraging the Go programming language," Caspi added. "Go, also known as Golang, is recognized for its simplicity, efficiency, and cross-platform capabilities. Its ease of use has made it an attractive choice for malware authors seeking to create versatile and sophisticated threats."
More from TechRadar Pro
- These fake Android antivirus apps install a dangerous banking trojan
- Here's a list of the best firewalls today
- These are the best endpoint protection services right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.