
JaskaGO: Concern about new Windows and macOS malware


In recent days, considerable concern has been caused by the spread of the fearsome JaskaGO virus, a cross-platform malware discovered by researchers at AT&T Alien Labs.

We are talking about a malicious agent with data exfiltration functions that acts at multiple levels on the affected machines and is cross-platform, running without distinction on Windows computers as well as in the macOS environment. Another distinctive feature of JaskaGO is its programming language, Go. This allows the malware to execute a wide range of commands from the command and control server.

After careful analysis, the experts managed to determine the behavior of JaskaGO. Once installed on a computer, it carries out quick tests to understand whether or not it is in a sandbox environment. If the answer is positive, it stops its malicious activities.

If there are no traces of a protected environment, it starts selecting potentially interesting data and carrying out other invasive actions. In this regard, it seems that the malware has a particular predisposition for the user credentials of crypto wallets.

JaskaGO, Cryptocurrency Wallets Are the Main Target of Malware

Cryptocurrency theft usually occurs through the copying and pasting of the intended recipient's address. The malware, in this case, can “intercept” the user's clipboard, replacing the real address with that of the cybercriminals.
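The address swap described above can be spotted from the defender's side by watching for one wallet address being replaced by a different one faster than a person could re-copy it. The following is an added example, not code from the article or from the AT&T Alien Labs analysis; the address patterns, the two-second threshold and the sample clipboard events are assumptions constructed for illustration.

```python
import re

# Approximate address shapes (assumed set for this example, not taken from the article).
PATTERNS = {
    "btc_legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the address family the clipboard text looks like, or None."""
    value = text.strip()
    for family, pattern in PATTERNS.items():
        if pattern.match(value):
            return family
    return None

def find_swaps(events, max_gap=2.0):
    """Flag clipboard changes where an address is replaced by a different
    address of the same family within max_gap seconds.

    events: ordered list of (timestamp_seconds, clipboard_text) snapshots.
    """
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        fam_old, fam_new = classify(old), classify(new)
        same_family = fam_old is not None and fam_old == fam_new
        if same_family and old.strip() != new.strip() and (t1 - t0) <= max_gap:
            alerts.append({"time": t1, "family": fam_old,
                           "copied": old.strip(), "now": new.strip()})
    return alerts

# Constructed clipboard history; the addresses are placeholders, not real wallets.
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a" * 40),   # user copies the recipient's address
    (10.3, "0x" + "b" * 40),   # replaced 0.3 s later with no user action
    (60.0, "1" + "A" * 33),    # user copies a Bitcoin-style address
    (95.0, "1" + "B" * 33),    # user copies another one 35 s later (normal)
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print("possible clipboard hijack:", alert)
```

The same comparison works as a manual habit: after pasting, check the first and last characters of the address against the source before confirming the transfer.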

At the moment, the team analyzing the malware does not yet know the main vectors used for its spread in the Windows environment. Most likely, however, it is a mix of social engineering techniques and classic phishing strategies.

As far as macOS is concerned, however, it seems that cybercriminals offer, on specific scam websites, specially modified installers of legitimate software such as CapCut and AnyConnect.

All this demonstrates once again how important it is to protect your devices from possible threats, both with a good antivirus and with a prudent approach when it comes to downloading software from unreliable sources.
