Alert: JaskaGo Malware Targets Windows And macOS Systems


Wajahat Raja

January 3, 2024 - TuxCare expert team

AT&T Alien Labs has recently discovered an information stealer called the JaskaGo malware. Because this cross-platform malware can infiltrate both Windows and macOS systems, the threat it poses is severe.

As per recent reports, the JaskaGo malware supports multiple commands and can maintain persistence in several ways. In this article, we’ll uncover how the cross-platform malware functions and the types of information it can steal.


Cybersecurity Threat 2023: JaskaGo Malware Unveiled


According to researchers at AT&T Alien Labs, the JaskaGo malware was written in the Go programming language. In addition, the cross-platform malware accepts multiple commands from its command-and-control (C&C) server. It’s worth mentioning that the delivery methods for the malware vary.

However, an analysis of attacks carried out on macOS users has found the malware impersonating CapCut and AnyConnect installers. Its sophisticated attack protocols pose significant security risks for Windows and macOS users. Reports have uncovered that the malware, once installed, runs multiple tests.

The purpose of these tests is to determine whether it’s operating in a sandbox environment. If the JaskaGo malware determines it has been opened in a virtual environment, it executes meaningless tasks so that it’s not flagged as malicious. However, if it’s opened by an actual user, the cross-platform malware collects the system’s data and attempts to connect to its C2 server.

It’s worth mentioning that macOS malware threats arising from the JaskaGo malware were first discovered back in July 2023. Upon the initial discovery, researchers examined dozens of samples and mentioned that the malware still has a low detection rate. 

Such threat dynamics underline the severe security risks for Windows and macOS users and necessitate the development and implementation of tailored cybersecurity strategies.


JaskaGo Malware Malicious Software Attacks Decoded


Once the JaskaGo malware is connected to its C2, it receives instructions for malicious activities. Such instructions include the execution of shell commands and the download of additional payloads. However, its attack capabilities extend far beyond these commands. The cross-platform malware is also capable of:

  • Displaying false alerts.
  • Collecting information.
  • Establishing persistence.
  • Performing random tasks.
  • Executing files on disk or in memory.
  • Launching routines for self-exit or self-deletion.

It’s worth mentioning that on macOS devices, the JaskaGo malware uses a multi-step process to maintain persistence. It executes as root and, upon successful execution, disables Gatekeeper and adopts the name “com.%s.appbackgroundservice.” It’s worth mentioning here that this naming is what allows the malware to hide its presence on the system.

On Windows systems, the malware uses two methods for establishing persistence. It can create a service and initiate its execution. However, it can also create a Windows Terminal profile using “C:\Users\$env:UserName\AppData\Local\Packages\Microsoft.WindowsTerminal_*\LocalState\settings.json.”

It’s worth noting that the file is configured to run automatically on a Windows reboot and can launch a PowerShell process that executes the malware.
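A defender-side check for the two persistence mechanisms described above (the launchd label pattern on macOS and the Windows Terminal profile on Windows), added here as an example and not code from the original article or from AT&T Alien Labs. It parses a constructed settings.json and a constructed launchd plist; the Windows Terminal keys (defaultProfile, startOnUserLogin, profiles.list, commandline) are real schema keys, while the suspicious-flag heuristic and all sample values are this example’s own assumptions.

```python
import json
import plistlib
import re

# Constructed Windows Terminal settings.json: the keys are real schema keys,
# the values are made up for this example.
SAMPLE_SETTINGS = json.dumps({
    "defaultProfile": "{11111111-1111-1111-1111-111111111111}",
    "startOnUserLogin": True,
    "profiles": {"list": [
        {"guid": "{00000000-0000-0000-0000-000000000000}",
         "name": "PowerShell", "commandline": "powershell.exe"},
        {"guid": "{11111111-1111-1111-1111-111111111111}",
         "name": "Windows Terminal", "commandline":
         "powershell.exe -w hidden -ep bypass -f C:\\Users\\u\\AppData\\Local\\Temp\\svc.ps1"},
    ]},
})

# Hidden-window, encoded-command or policy-bypass flags and user-writable paths
# in a terminal profile point to a script launcher, not an interactive shell.
SUSPICIOUS_CMD = re.compile(
    r"(-w(indowstyle)?\s+hidden|-e(ncodedcommand)?\s|-ep\s+bypass|\\AppData\\|\\Temp\\)", re.I)

def check_terminal_settings(text):
    """Return (tag, profile name, commandline) for each suspicious profile.
    The tag is 'autostart' when that profile is the default one and the
    terminal is set to launch at logon, i.e. it would run on every reboot."""
    cfg = json.loads(text)
    default, autostart = cfg.get("defaultProfile"), cfg.get("startOnUserLogin", False)
    findings = []
    for prof in cfg.get("profiles", {}).get("list", []):
        cmd = prof.get("commandline", "")
        if SUSPICIOUS_CMD.search(cmd):
            tag = "autostart" if autostart and prof.get("guid") == default else "profile"
            findings.append((tag, prof.get("name"), cmd))
    return findings

# Constructed launchd plist; the label follows the com.<x>.appbackgroundservice
# pattern the report attributes to JaskaGo, with a made-up middle component.
SAMPLE_PLIST = plistlib.dumps({
    "Label": "com.updater.appbackgroundservice",
    "ProgramArguments": ["/Library/Application Support/updater/svc"],
    "RunAtLoad": True,
})
LABEL_RE = re.compile(r"^com\.[^.]+\.appbackgroundservice$")

def check_launchd_label(data):
    """Return the Label of a launchd plist if it matches the pattern, else None."""
    label = plistlib.loads(data).get("Label", "")
    return label if LABEL_RE.match(label) else None
```

On a real host, feed the functions the contents of the settings.json path quoted above and of each plist under /Library/LaunchDaemons and /Library/LaunchAgents.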


JaskaGo Cross-Platform Malware Stealing Information


In addition to the capabilities mentioned above, the JaskaGo malware can also steal information from both Chrome and Firefox browsers. Those keen on protecting their systems from macOS and Windows malware should know that the information stolen from the browser can vary with each attack. Such information can include:

  • History.
  • Cookies.
  • Profile files.
  • Browser credentials.
  • Password encryption keys.

In addition to this, it can also target crypto wallet extensions and exfiltrate files and folders. 


Conclusion


The JaskaGo malware, discovered by AT&T Alien Labs, is being seen as a severe online threat to Windows and macOS users. The cross-platform malware is capable of establishing persistence on both systems using different methods.

Once executed, it can be used to run shell commands, extract different types of information, and download additional payloads. The severe implications of this malware necessitate that organizations use robust cybersecurity measures to safeguard their systems. 

The sources for this piece include articles in The Hacker News and TechRadar.
