Brother
Holders of cryptoassets are in a high-risk zone, and the new Golang stealer has prepared a special trump card for them.
Recently, a team of Alien Labs researchers from AT&T discovered a new and very serious threat in the field of cybersecurity — the multi-platform malware JaskaGO, created in the Golang programming language.
The malware is an infostealer with advanced features and is aimed at the Windows and macOS operating systems. It supports a wide range of commands that it receives from the attackers' C2 server.
Instances of JaskaGO designed for macOS were first discovered by researchers in July of this year. They were cleverly disguised as installers of legitimate software such as CapCut, AnyConnect, and various security tools.
After launching, JaskaGO performs a series of checks, including determining whether the malware is running on a real system or on a virtual machine. In the latter case, the program starts performing completely harmless actions, such as pinging the Google site. In this way, hackers try to convince researchers that the file they found does not pose any threat.
If the malware detects that it is running on a real system, it immediately begins collecting information and establishes communication with its C2 server for further instructions. These instructions include executing shell commands, listing running processes, and loading additional payloads.
JaskaGO can also be used to steal cryptocurrency by replacing victims' wallet addresses in real time with similar-looking ones that belong to the hackers. The malware also actively steals files and data from web browsers.
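The address-swapping behaviour described above is easiest to spot from the defender's side by watching the clipboard: a legitimate user rarely copies two different wallet addresses of the same format within a fraction of a second, so an address that is silently replaced by another address of the same shape is a strong signal. The following is an added example (not code from the article or from the Alien Labs research) of that detection heuristic. The address patterns, the two-second window and the clipboard events are all constructed assumptions for illustration; a real monitor would feed live clipboard change events into `detect_swaps`.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Loose format checks for common address kinds (constructed heuristics,
# deliberately permissive: they decide "looks like an address", not validity).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{25,62}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


class Swap(NamedTuple):
    """One suspected clipboard hijack: what was copied and what replaced it."""
    timestamp: float
    kind: str
    original: str
    replacement: str


def address_kind(text: str) -> Optional[str]:
    """Return the address format name if `text` looks like a wallet address, else None."""
    candidate = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return kind
    return None


def detect_swaps(events: List[Tuple[float, str]], max_gap_seconds: float = 2.0) -> List[Swap]:
    """Flag clipboard changes where an address was replaced, within `max_gap_seconds`,
    by a *different* address of the same kind. `events` are (timestamp, clipboard_text)
    pairs in any order; they are sorted by time before scanning."""
    alerts: List[Swap] = []
    prev_time: Optional[float] = None
    prev_text: Optional[str] = None

    for ts, text in sorted(events):
        if prev_text is not None and prev_time is not None:
            prev_kind = address_kind(prev_text)
            cur_kind = address_kind(text)
            same_kind = prev_kind is not None and prev_kind == cur_kind
            changed = prev_text.strip() != text.strip()
            if same_kind and changed and (ts - prev_time) <= max_gap_seconds:
                alerts.append(Swap(ts, cur_kind, prev_text.strip(), text.strip()))
        prev_time, prev_text = ts, text
    return alerts


# Constructed clipboard history (not captured from real malware): the user copies an
# Ethereum address at t=5.0s and 300 ms later the clipboard holds a different address of
# the same format, which is the swap pattern. The later, slower changes are benign.
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (5.0, "0x" + "a" * 40),          # user copies their own address
    (5.3, "0x" + "b" * 40),          # replaced almost immediately: suspicious
    (20.0, "bc1q" + "z" * 38),       # a single bech32 copy, nothing replaces it
    (30.0, "0x" + "c" * 40),         # new address well outside the window: benign
]

if __name__ == "__main__":
    for alert in detect_swaps(SAMPLE_EVENTS):
        print(f"[{alert.timestamp:.1f}s] {alert.kind} address swapped: "
              f"{alert.original[:10]}... -> {alert.replacement[:10]}...")
```

The window is a trade-off: too short and a swap performed by a slow polling loop is missed, too long and a user who genuinely pastes two addresses in succession triggers a false alarm. On a real endpoint the same logic belongs in an agent that subscribes to clipboard change notifications rather than one that polls.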
Ofer Caspi, a security researcher, noted that on macOS, JaskaGO uses a multi-step process to ensure persistence on the system, which includes running as an administrator, disabling Gatekeeper protection, and creating a custom launch daemon that starts it automatically at system startup. On Windows systems, the malware uses similar mechanisms.
It is not yet known how this malware is distributed and whether phishing or fraudulent advertising is used for this purpose. The scale of the campaign also remains unclear.
Caspi emphasizes that JaskaGO is part of a growing trend of using the Go programming language for malware development. Known for its simplicity, efficiency, and cross-platform capabilities, this language is becoming an increasingly popular choice among malware creators seeking to create the most functional and sophisticated hacking tools possible.
