A Webb Telescope image is being used to push malware

One of the first images taken by the James Webb Space Telescope that was released by NASA was the "sharpest infrared image of the distant universe to date." It's a wondrous photo showing a detailed cluster of galaxies. It's also currently being used by bad actors to push malware. Security analytics platform Securonix has identified a new malware campaign that uses the image, and the company is calling it GO#WEBBFUSCATOR.

The attack starts with a phishing email containing a Microsoft Office attachment. Hidden within the document's metadata is a URL that downloads a file with a script, which runs if certain Word macros are enabled. That, in turn, downloads a copy of the James Webb photo (pictured above) that contains malicious code masquerading as a certificate. In its report about the campaign, the company said all anti-virus programs were unable to detect the malicious code in the image.
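A payload that rides inside an otherwise valid image is invisible to an image viewer, because a JPEG decoder stops at the end-of-image marker and ignores whatever follows. That makes "is there data after the end of the image?" a cheap triage check for defenders. The following is an added example written for this page, not code from the article, from Securonix, or from the campaign; it walks the JPEG segment structure to find the real end of image (searching for the last 0xFFD9 is unreliable because EXIF thumbnails carry their own end marker and an appended blob may contain the byte pair), then reports any trailing data and whether it looks like a PEM certificate block. The sample bytes are constructed stand-ins with dummy segment contents, and the PEM pattern is an assumption about what "masquerading as a certificate" looks like on disk.

```python
"""Triage check: report data appended after a JPEG's end-of-image marker."""
import re

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Markers with no length field: TEM, SOI, EOI and the RST0..RST7 restart markers.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

# Assumed shape of a certificate-style blob (PEM header); not from the report.
PEM_RE = re.compile(rb"-----BEGIN [A-Z ]+-----")


def jpeg_end_offset(data: bytes) -> int:
    """Return the offset just past the image's EOI marker, or raise ValueError."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:           # 0xFF fill bytes may precede a marker
            pos += 1
            continue
        pos += 2
        if marker == EOI:
            return pos
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment length")
        length = int.from_bytes(data[pos:pos + 2], "big")
        pos += length                # the length field counts itself
        if marker == SOS:
            # Entropy-coded data follows. Inside it, 0xFF is always followed by
            # 0x00 (byte stuffing) or an RSTn marker, so any other 0xFFxx pair
            # is the next real marker (EOI for a baseline image).
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def trailing_data(data: bytes) -> bytes:
    """Everything after the image proper; an honest JPEG has nothing here."""
    return data[jpeg_end_offset(data):]


def triage(data: bytes) -> dict:
    """Summarise the trailer: size, PEM-looking content, and a simple verdict."""
    tail = trailing_data(data)
    # A trailer that is only padding/whitespace is common and not interesting.
    meaningful = tail.strip(b"\x00\r\n\t ")
    return {
        "trailing_bytes": len(tail),
        "pem_block": bool(PEM_RE.search(tail)),
        "verdict": "suspicious" if meaningful else "clean",
    }


def _segment(marker: int, payload: bytes) -> bytes:
    """Build a length-prefixed JPEG segment (helper for the constructed sample)."""
    return b"\xff" + bytes([marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed sample: structurally valid JPEG markers with dummy contents.
# The APP1 segment deliberately embeds a thumbnail-style SOI/EOI pair to show
# why "find the first or last FFD9" is not a reliable end-of-image test.
CLEAN_JPEG = (
    b"\xff\xd8"
    + _segment(0xE1, b"Exif\x00\x00" + b"\xff\xd8\xff\xd9")  # APP1 with inner SOI/EOI
    + _segment(0xDB, bytes(65))                               # DQT (dummy)
    + _segment(0xC0, bytes(15))                               # SOF0 (dummy)
    + _segment(0xDA, bytes(10))                               # SOS header (dummy)
    + b"\x12\x34\xff\x00\x56\xff\xd0\x78"                     # entropy data: stuffing + RST0
    + b"\xff\xd9"                                             # real EOI
)

# Constructed stand-in for an appended certificate-looking blob (not real data).
FAKE_PAYLOAD = (
    b"-----BEGIN CERTIFICATE-----\n"
    b"QUJDREVGR0hJSktMTU5PUA==\n"
    b"-----END CERTIFICATE-----\n"
)
STEGO_JPEG = CLEAN_JPEG + FAKE_PAYLOAD

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("appended", STEGO_JPEG)):
        print(name, triage(blob))
```

In practice this runs over files pulled from a proxy cache or mail gateway; a non-empty, non-padding trailer on an image fetched by an Office macro is worth escalating regardless of whether the trailer matches the PEM pattern, since the disguise can change while the structural trick stays the same.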


Securonix VP Augusto Barros said that there are a couple of possible reasons why the bad actors chose to use the popular James Webb photo. One is that the high-resolution images NASA released come in massive file sizes and can evade suspicion in that regard. Also, even if an anti-malware program flags it, reviewers might pass it over since it has been widely shared online in the past couple of months.

Another interesting thing of note about the campaign is that it uses Golang, Google's open-source programming language, for its malware. Securonix says Golang-based malware is rising in popularity because it has flexible cross-platform support and is more difficult to analyze and reverse engineer than malware written in other programming languages. Like other malware campaigns that start with a phishing email, though, the best way to avoid being a victim of this attack is to avoid downloading attachments from untrusted sources.

