One of the stunning James Webb telescope images is now being used by malicious actors to spread malware among devices.
An image from the first set of James Webb telescope photos is now being exploited by cybercriminals, who are hiding malicious code within files to spread malware.
Some James Webb Image Files Are Now a Security Threat
In July 2022, the first images captured by the James Webb telescope were released to the public. These highly detailed photos gave the world further insight into what the universe looks like. However, this amazing event is now being capitalized upon by malicious actors.
It was found in September 2022 by security analytics firm Securonix that one of the first five James Webb images is now being exploited by hackers to spread malware. Securonix has coined it the “GO#WEBBFUSCATOR” malware campaign, with the “GO” relating to the kind of coding language used in the venture, Golang.
Golang has been around for some time, but only had its first stable release in August 2022. And, in a very short space of time, malicious parties began using this language to spread malware. One of the main reasons for this is that Golang is cross-platform. It can be used on Windows, Linux, macOS, and a number of other systems, which is perfect for an attacker looking to spread malware as much as possible.
Malicious Code Is Being Hidden Within the James Webb Image
Hackers are using this James Webb photo to spread malware by hiding malicious code within the image file. Then, when the victim downloads the image onto their device, the malware is also installed. Phishing emails are being used as a vehicle to spread the malicious image file in the form of a Microsoft Office attachment titled “Geos-Rates.docx”.
If certain Word macros are enabled on a victim’s device, a URL within the malicious attachment can download a file and a script, which can then download the James Webb image containing the malware.
This Malware Has Gone Undetected by Antivirus Programs
Securonix stated in a blog post that this malware could not be detected by any antivirus program used in their analysis. The firm listed an array of different programs that were unable to pick up on the malware, including BitDefender and Acronis.
This malware’s ability to bypass detection makes it particularly dangerous, as it can more easily be spread among devices.
Phishing Continues to Be a Popular Malware Distribution Vector
As time passes, phishing attacks are becoming more and more common, be it among organizations or individuals. This is why cybersecurity experts stress the importance of vigilance when it comes to the communications you receive, be it by email, SMS, or social media messages.
Read the full article here