New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems.

AT&T Alien Labs, which made the discovery, said the malware is “equipped with an extensive array of commands from its command-and-control (C&C) server.”

Artifacts designed for macOS were first observed in July 2023, impersonating installers for legitimate software such as CapCut. Other variants of the malware have masqueraded as AnyConnect and security tools.

It’s also capable of modifying the clipboard to facilitate cryptocurrency theft by substituting wallet addresses and siphoning files and data from web browsers.

“On macOS, JaskaGO employs a multi-step process to establish persistence within the system,” security researcher Ofer Caspi said, outlining its capabilities to run itself with root permissions, disable Gatekeeper protections, and create a custom launch daemon (or launch agent) to ensure it’s automatically launched during system startup.

“JaskaGO contributes to a growing trend in malware development leveraging the Go programming language,” Caspi said.

“Go, also known as Golang, is recognized for its simplicity, efficiency, and cross-platform capabilities. Its ease of use has made it an attractive choice for malware authors seeking to create versatile and sophisticated threats.”