Categories: Cyber Security NewsmacOSMalwareWindows

JaskaGO Malware Attacking Windows and macOS Operating Systems

Due to the widespread use and popularity of Windows and macOS, threat actors often target these platforms.

Windows is a common target because it dominates the global operating system market, while macOS is targeted because of its majority among:-

Professionals
Creative industries

Recently, cybersecurity researchers at ATT discovered JaskaGO malware, which was found to be attacking Windows and macOS operating systems.

JaskaGO Malware Attacking Windows

JaskaGO, using the Go programming language, signifies a rise in malware trends. Go’s simplicity attracts authors, creating versatile threats.

Despite macOS’s perceived security, JaskaGO eliminates the myth, targeting both macOS and Windows users. It disguises itself as legit software on pirated pages, evolving and spreading since its first Mac-focused appearance in July 2023.

Moreover, the low detection rate of this malware creates complex challenges for antivirus engines.

The malware tricks users with a fake error box on startup, pretending to fail. It checks for virtual machines by examining system details like:-

Processors
Memory
MAC addresses

Besides this, the detection of VM-related traces triggers random command execution. Here below, we have mentioned the commands:-

Ping Google.
Create a File on the Desktop (e.g., config.ini).
List files on the user’s desktop.
List local IP addresses.
Make a simple HTTP GET request to https://www.web3api.com.
Print a random number.
Create a directory with a random name in the user’s home directory.
Print a random string.

Perform random task (Source – ATT)

Once VM detection is evaded, JaskaGO gathers victim info and connects to its command center, staying alert for further commands.

JaskaGO skillfully exfiltrates data, storing and zipping it in a dedicated folder before sending it to the threat actor.

Here below, we have mentioned all the stealers used:-

Browser stealer
Cryptocurrency stealer

JaskaGO is a cross-platform threat challenging macOS invulnerability, using anti-VM tactics for stealth, persistently embedding in systems, and transforming into a dangerous threat with stealer capabilities.

IOCs

SHA256: 7bc872896748f346fdb2426c774477c4f6dcedc9789a44bd9d3c889f778d5c4b
SHA256: f38a29d96eee9655b537fee8663d78b0c410521e1b88885650a695aad89dbe3f
SHA256: 6efa29a0f9d112cfbb982f7d9c0ddfe395b0b0edb885c2d5409b33ad60ce1435
SHA256: f2809656e675e9025f4845016f539b88c6887fa247113ff60642bd802e8a15d2
SHA256: 85bffa4587801b863de62b8ab4b048714c5303a1129d621ce97750d2a9a989f9
SHA256: 37f07cc207160109b94693f6e095780bea23e163f788882cc0263cbddac37320
SHA256: e347d1833f82dc88e28b1baaa2657fe7ecbfe41b265c769cce25f1c0e181d7e0
SHA256: c714f3985668865594784dba3aeda1d961acc4ea7f59a178851e609966ca5fa6
SHA256: 9b23091e5e0bd973822da1ce9bf1f081987daa3ad8d2924ddc87eee6d1b4570d
SHA256: 1c0e66e2ea354c745aebda07c116f869c6f17d205940bf4f19e0fdf78d5dec26
SHA256: e69017e410aa185b34e713b658a5aa64bff9992ec1dbd274327a5d4173f6e559
SHA256: 6cdda60ffbc0e767596eb27dc4597ad31b5f5b4ade066f727012de9e510fc186
SHA256: 44d2d0e47071b96a2bd160aeed12239d4114b7ec6c15fd451501c008d53783cf
SHA256: 8ad4f7e14b36ffa6eb7ab4834268a7c4651b1b44c2fc5b940246a7382897c98e
SHA256: 888623644d722f35e4dcc6df83693eab38c1af88ae03e68fd30a96d4f8cbcc01
SHA256: 3f139c3fcad8bd15a714a17d22895389b92852118687f62d7b4c9e57763a8867
SHA256: 207b5ee9d8cbff6db8282bc89c63f85e0ccc164a6229c882ccdf6143ccefdcbc

Tushar Subhra

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.