JaskaGO Malware Attacking Windows and macOS Operating Systems

Due to the widespread use and popularity of Windows and macOS, threat actors often target these platforms. 



Windows is a common target because it dominates the global operating system market, while macOS is targeted because of its popularity among:

Professionals
Creative industries

Recently, cybersecurity researchers at AT&T discovered JaskaGO malware, which attacks Windows and macOS operating systems.



JaskaGO Malware Attacking Windows



JaskaGO is written in the Go programming language and reflects a rising trend in Go-based malware. Go's simplicity attracts malware authors, who use it to create versatile threats.

Despite macOS's perceived security, JaskaGO dispels that myth by targeting both macOS and Windows users. It disguises itself as legitimate software on pirated pages, and it has been evolving and spreading since its first Mac-focused appearance in July 2023.



Moreover, the low detection rate of this malware creates complex challenges for antivirus engines.



The malware tricks users with a fake error box on startup, pretending to fail. It checks for virtual machines by examining system details such as:

Processors
Memory
MAC addresses

When VM-related traces are detected, the malware executes a randomly chosen command from the following list:

Ping Google.
Create a file on the Desktop (e.g., config.ini).
List files on the user's desktop.
List local IP addresses.
Make a simple HTTP GET request to https://www.web3api.com.
Print a random number.
Create a directory with a random name in the user's home directory.
Print a random string.

Perform random task (Source – AT&T)
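
As an added example (not from the original article or the AT&T research), the sketch below shows how an analyst reviewing sandbox telemetry could correlate the decoy tasks listed above per process, since each one is benign on its own. The event schema, the sample events, the rule names and the threshold of three are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed telemetry: (process_id, event_type, detail). Hypothetical schema.
EVENTS = [
    (4120, "proc_exec", "ping google.com"),
    (4120, "file_create", "/Users/alice/Desktop/config.ini"),
    (4120, "http_get", "https://www.web3api.com"),
    (4120, "dir_list", "/Users/alice/Desktop"),
    (5000, "proc_exec", "ping google.com"),
    (5000, "http_get", "https://example.org/update"),
    (6001, "file_create", r"C:\Users\bob\Desktop\config.ini"),
    (6001, "net_enum", "local interface addresses"),
    (6001, "dir_list", r"C:\Users\bob\Desktop"),
]

# One rule per decoy task from the article that leaves an observable trace.
RULES = {
    "ping_google": ("proc_exec", re.compile(r"\bping\b.*google", re.I)),
    "desktop_config_ini": ("file_create",
                           re.compile(r"[\\/]Desktop[\\/]config\.ini$", re.I)),
    "desktop_listing": ("dir_list", re.compile(r"[\\/]Desktop[\\/]?$", re.I)),
    "local_ip_enum": ("net_enum", re.compile(r".")),
    "web3api_get": ("http_get",
                    re.compile(r"^https?://www\.web3api\.com(/|$)", re.I)),
}

def decoy_hits(events):
    """Map each process id to the set of decoy rules it matched."""
    hits = defaultdict(set)
    for pid, etype, detail in events:
        for name, (rule_type, pattern) in RULES.items():
            if etype == rule_type and pattern.search(detail):
                hits[pid].add(name)
    return dict(hits)

def flag_processes(events, threshold=3):
    """Return pids that matched at least `threshold` distinct decoy tasks."""
    return sorted(pid for pid, names in decoy_hits(events).items()
                  if len(names) >= threshold)

if __name__ == "__main__":
    for pid in flag_processes(EVENTS):
        print(pid, sorted(decoy_hits(EVENTS)[pid]))
```

A process flagged this way in a sandbox is a candidate for re-analysis on bare metal, because the decoy tasks indicate that the real behaviour was withheld.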


Once VM detection is evaded, JaskaGO gathers victim info and connects to its command center, staying alert for further commands.



JaskaGO skillfully exfiltrates data, storing and zipping it in a dedicated folder before sending it to the threat actor.



The stealers used are:

Browser stealer
Cryptocurrency stealer

JaskaGO is a cross-platform threat that challenges the notion of macOS invulnerability. It uses anti-VM tactics for stealth, embeds itself persistently in systems, and becomes a dangerous threat through its stealer capabilities.



IOCs



The post JaskaGO Malware Attacking Windows and macOS Operating Systems appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform .