What Is JaskaGO? Is It A New Cyber Threat In 2023?

As the digital world is progressing and people are becoming dependent on it, new methods are being created by fraudsters to steal data. One of them is JaskaGo Malware which is emerging as a new cyber threat to the entire world.

Today, in this article, we will discuss What Is JaskaGO and how it works.

What Is JaskaGO?

The most recent threat to compromise both Windows and Apple macOS systems is a new Go-based information-stealing malware known as JaskaGO. This malware has been written in the Go programming language.


The Go programming language, commonly referred to as Golang, is renowned for its cross-platform compatibility, simplicity, and efficiency. Because of its ease of use, malware writers who want to create complex and adaptable threats find it appealing.

The JaskaGO malware was discovered by AT&T Alien Labs, which stated that this malware is equipped with an extensive array of commands from its command-and-control (C&C) server.

The first macOS-specific artifacts were discovered in July 2023, masquerading as installers for reputable programs like CapCut. Malware variations have taken on the guise of AnyConnect and security tools.

JaskaGO installs itself and checks whether it is running in a virtual machine (VM) environment; if it is, it likely tries to hide its true purpose by performing a harmless task such as pinging Google or printing a random number.

In other cases, JaskaGO collects data from the target system and connects to its command and control center to get more instructions, such as how to run shell commands, list all processes that are active, and download more payloads.

It can also modify the clipboard to make cryptocurrency theft easier by replacing wallet addresses, and it steals files and information from web browsers.

Security researcher Ofer Caspi explained that on macOS, JaskaGO employs a multi-step process to establish persistence within the system, describing its ability to run itself with root permissions, turn off Gatekeeper security, and make a custom launch daemon (or launch agent) to make sure it launches automatically when the system boots up.

The malware’s distribution method and whether it uses phishing or malvertising lures are currently unknown. The campaign’s scope is still unknown at this time.

As Caspi said, JaskaGO contributes to a growing trend in malware development leveraging the Go programming language.

JaskaGO connects to the C2 infrastructure, gathers data from the compromised system, and waits for instructions.


JaskaGO malware supports the following commands:

  • Establishing persistence for the malware (details in the next section).
  • Stealer functionality: gathering data from the compromised device and sending it to the command-and-control server.
  • Pinging the command-and-control server.
  • Executing shell commands.
  • Displaying alert messages.
  • Obtaining the list of running processes.
  • Executing payloads in memory or on disk.
  • Writing to the clipboard (a popular method for stealing cryptocurrency funds).
  • Performing a random task (such as those listed in the VM detection section).
  • Downloading and running additional payloads.
  • Exiting (terminating itself).
  • Exiting and removing itself from the system.

JaskaGO offers a variety of exfiltration options. The malware zips and transfers the collected data to the C2 after storing it in a specially made folder.

The following data can be stolen by the malware from Firefox and Chrome browsers:

  • Browser login credentials.
  • Browser history.
  • Cookies: the “Cookies,” “cookies.sqlite,” and “Network” files and folders.
  • key4.db, the password encryption key file, which contains the master key needed to decrypt every password stored in logins.json.
  • Profile files (profile.ini and profile directories matching \Profile\d+$).
  • The “Login Data” folder, which contains login information.

The information thief can also exfiltrate files and folders and target browser extensions for cryptocurrency wallets.

JaskaGO follows a multi-step process on macOS in order to establish persistence.

In order to hide its presence on the system, it runs as root, turns off Gatekeeper, and makes duplicate copies of itself using the name format “com.%s.appbackgroundservice.”

To guarantee persistence, the malware additionally creates a LaunchDaemon or LaunchAgent.
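As an added defender-side check (example code written for this article, not JaskaGO's code or AT&T Alien Labs' tooling), the following POSIX shell script hunts the standard macOS launchd directories for plists whose file name or Label follows the com.%s.appbackgroundservice pattern described above, and reports whether Gatekeeper assessments are still enabled. The launchd paths and the spctl call are standard macOS; the scan logic and the matching pattern are assumptions built from the article's description.

```shell
#!/bin/sh
# Added example (defender-side hunt), not part of the original article or the malware.
# Looks for launchd plists whose label follows the com.<name>.appbackgroundservice
# pattern reported for JaskaGO, and reports whether Gatekeeper assessments are on.

# Standard macOS launchd locations (assumption: default install paths).
LAUNCH_DIRS="/Library/LaunchDaemons /Library/LaunchAgents $HOME/Library/LaunchAgents"

# scan_launch_items DIR... : print each plist whose file name or Label string
# matches com.<anything>.appbackgroundservice.
scan_launch_items() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            [ -f "$plist" ] || continue
            case "$(basename "$plist")" in
                com.*.appbackgroundservice.plist) echo "$plist"; continue ;;
            esac
            # The file name may have been chosen to blend in; check the Label value too.
            if grep -Eq '<string>com\.[^<]+\.appbackgroundservice</string>' "$plist"; then
                echo "$plist"
            fi
        done
    done
}

# count_suspicious DIR... : number of matches, convenient for alert thresholds.
count_suspicious() {
    scan_launch_items "$@" | wc -l | tr -d ' '
}

# gatekeeper_status : enabled / disabled / unknown (spctl exists only on macOS).
gatekeeper_status() {
    command -v spctl >/dev/null 2>&1 || { echo unknown; return 0; }
    if spctl --status 2>/dev/null | grep -q 'assessments enabled'; then
        echo enabled
    else
        echo disabled
    fi
}

# Run the hunt over the default locations when executed directly.
# shellcheck disable=SC2086  # intentional word splitting of LAUNCH_DIRS
hits=$(scan_launch_items $LAUNCH_DIRS)
echo "Gatekeeper: $(gatekeeper_status)"
if [ -n "$hits" ]; then
    echo "Suspicious launch items:"; echo "$hits"
else
    echo "No com.*.appbackgroundservice launch items found."
fi
```

A "disabled" Gatekeeper status together with any hit is the combination the article describes and is worth triaging; the script only reports and never modifies anything.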


How Did JaskaGO Enter The Computer?

Hackers use a variety of fraudulent techniques to fool users into unknowingly installing malware on their computers.

Phishing emails, in which attackers send emails that appear authentic but contain malicious links or attachments, are one popular technique. Their goal is to deceive users into opening attachments or clicking links that will launch malware.

The use of malicious websites and online advertisements is another strategy. Cybercriminals create authentic-looking websites or advertisements in an attempt to lure users into clicking on them. These websites have the potential to initiate drive-by downloads or ask users to download files that appear harmless but actually contain malicious code once they are clicked.

JaskaGO and other malware can also be distributed through other channels, such as unofficial app stores, P2P networks, infected USB drives, key generators, cracking tools, third-party downloaders, and pirated software.


How To Avoid Malware Installation In Your System?

  • To identify possible threats, install reliable antivirus and anti-malware software and run routine computer scans.
  • To ensure strong security, make sure your operating system, apps, and antivirus software are updated on a regular basis.
  • Use caution when opening attachments and clicking links in emails, especially if the sender is unfamiliar or unexpected. 
  • Steer clear of downloading programs, files, or apps from unknown or dubious websites. Select reliable sources to lessen the chance of downloading malicious software.
  • To reduce the possibility of coming across harmful elements, avoid interacting with pop-ups, advertisements, and other similar content on dubious websites.

Conclusion:

In this article we discussed how JaskaGO is a formidable threat with strong data exfiltration abilities. Its versatility includes the ability to steal cryptocurrency and browser data, and to exfiltrate particular files and folders based on commands from its command-and-control server. We also discussed that strong cybersecurity measures are essential for reducing any potential harm to user data and system security.

That’s all for now my friend! I hope this article will be valuable for you. You can reach me through the emails given below. I will love your valuable comments and feedback.

Yours

Abhijit Ranjan

bloggerabhi15@gmail.com

abhijitranjan15@gmail.com
