It can also modify the clipboard to facilitate cryptocurrency theft by substituting wallet addresses, and it can siphon files and data from web browsers.
“On macOS, JaskaGO employs a multi-step process to establish persistence within the system,” security researcher Ofer Caspi said, outlining its capabilities to run itself with root permissions, disable Gatekeeper protections, and create a custom launch daemon (or launch agent) to ensure it’s automatically launched during system startup.
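The launch daemon or launch agent persistence described above leaves a property list on disk that defenders can audit. The following is an added example, not code from the researcher's report or this article: it parses launchd job definitions and flags jobs that start automatically from user-writable or hidden locations. The heuristics, finding names, paths and sample plists are constructed assumptions, not JaskaGO indicators.

```python
import plistlib

# Assumption: locations an unprivileged process can normally write to.
USER_WRITABLE = ("/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/", "/Users/")

def target_executable(job):
    """Path launchd will execute: Program, else first ProgramArguments item."""
    args = job.get("ProgramArguments") or [""]
    return str(job.get("Program") or args[0])

def audit_job(plist_bytes, plist_path):
    """Return findings for one launchd job definition (XML or binary plist)."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:
        return ["unparseable"]
    if not isinstance(job, dict):
        return ["unparseable"]
    findings = []
    exe = target_executable(job)
    if job.get("RunAtLoad") is True or job.get("KeepAlive"):
        findings.append("auto-start")
    # Jobs in LaunchDaemons run as root unless UserName says otherwise.
    if "/LaunchDaemons/" in plist_path and job.get("UserName", "root") == "root":
        findings.append("runs-as-root")
    if exe.startswith(USER_WRITABLE):
        findings.append("user-writable-target")
    if any(part.startswith(".") for part in exe.split("/") if part):
        findings.append("hidden-path")
    return findings

def needs_review(findings):
    """Escalate jobs that auto-start from a user-writable or hidden location."""
    risky = {"user-writable-target", "hidden-path"} & set(findings)
    return "unparseable" in findings or ("auto-start" in findings and bool(risky))

def constructed_samples():
    """Constructed test data: (path, plist bytes) pairs, not real indicators."""
    bad = {"Label": "com.example.init", "RunAtLoad": True,
           "ProgramArguments": ["/Users/Shared/.cache/helper", "--daemon"]}
    good = {"Label": "com.example.backup", "RunAtLoad": True,
            "Program": "/Library/Application Support/Example/backupd"}
    return [("/Library/LaunchDaemons/com.example.init.plist", plistlib.dumps(bad)),
            ("/Library/LaunchAgents/com.example.backup.plist", plistlib.dumps(good)),
            ("/Library/LaunchDaemons/broken.plist", b"not a plist")]

if __name__ == "__main__":
    for path, data in constructed_samples():
        found = audit_job(data, path)
        print(path, found, "REVIEW" if needs_review(found) else "ok")
```

On a real host, the same functions can be fed the bytes of each file under the system and per-user LaunchDaemons and LaunchAgents directories.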
It’s currently not known how the malware is distributed or whether distribution involves phishing or malvertising lures. The scale of the campaign also remains unclear.
“JaskaGO contributes to a growing trend in malware development leveraging the Go programming language,” Caspi said.
“Go, also known as Golang, is recognized for its simplicity, efficiency, and cross-platform capabilities. Its ease of use has made it an attractive choice for malware authors seeking to create versatile and sophisticated threats.”