One of the first images taken by the James Webb Telescope that NASA released was “the clearest infrared image of a distant world to date.” This amazing image shows a detailed galaxy cluster. Now, some cyber attackers have turned to using images recorded with telescopes to infect their targets’ systems with malware. Security analytics platform Securonix has identified a new malware campaign that abuses telescope images to spread its malicious code. Securonix named the campaign GO#WEBBFUSCATOR.
In this method, the attack starts with a phishing email that carries a Microsoft Office document as an attachment. The metadata of this document contains a hidden URL that loads a file with a script, which is activated if macros are enabled in Word. This process in turn downloads a copy of the Webb telescope's first deep field image (pictured above), which contains a malicious code snippet disguised as a certificate. Securonix said in its report that none of the antivirus programs can detect the malicious code in this image.
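From the defender's side, the "code disguised as a certificate inside an image" step can be checked for directly. The following is an added example, not code from Securonix or from the original article: it scans image bytes for a certificate-style block and tests whether the block decodes to a certificate structure at all. The PEM armor and base64 encoding are assumptions about how such a disguise looks, and the names `scan_image`, `classify_payload` and the sample data are hypothetical.

```python
import base64
import re

# PEM-style armor is an assumption about how the "certificate" disguise looks.
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def classify_payload(decoded: bytes) -> str:
    """Label decoded bytes by their leading magic values."""
    if decoded[:2] == b"MZ":
        return "windows-executable"
    if decoded[:4] == b"\x7fELF":
        return "elf-executable"
    if decoded[:1] == b"\x30":
        return "der-sequence"  # a genuine X.509 certificate starts this way
    return "unknown"

def scan_image(data: bytes) -> list:
    """Return one finding per certificate-style block inside image bytes."""
    findings = []
    for match in PEM_BLOCK.finditer(data):
        body = re.sub(rb"\s+", b"", match.group(1))
        try:
            decoded = base64.b64decode(body, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            decoded = b""
        kind = classify_payload(decoded) if decoded else "undecodable"
        findings.append({
            "offset": match.start(),
            "decoded_size": len(decoded),
            "kind": kind,
            # Any certificate block in an image is odd; one that is not
            # even DER is the stronger signal.
            "suspicious": kind != "der-sequence",
        })
    return findings

# Constructed samples: minimal JPEG framing (SOI ... EOI), not real images.
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"
def pem(raw: bytes) -> bytes:
    return (b"\n-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(raw)
            + b"-----END CERTIFICATE-----\n")

DISGUISED = JPEG + pem(b"MZ" + b"\x00" * 62)  # executable header stub only
WITH_DER = JPEG + pem(b"\x30\x82\x01\x0a" + b"\x00" * 60)

if __name__ == "__main__":
    for name, blob in [("clean", JPEG), ("disguised", DISGUISED), ("der", WITH_DER)]:
        print(name, scan_image(blob))
```

A check like this fits a mail or web gateway that already extracts downloaded files; it inspects content rather than relying on a signature for the specific image.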
Augusto Barros, vice president of Securonix, told Popular Science that there are several possible reasons why attackers turned to the popular James Webb telescope photo. The first reason is that the high-resolution images published by NASA are very large; for this reason, they can prevent people from becoming suspicious. In addition, even if the anti-malware program identifies this photo as an infected item, users may bypass this warning, because in the past few months the said image has been widely shared online.
Another interesting thing about the GO#WEBBFUSCATOR malware campaign is that it uses Google’s open source programming language called GoLang. According to Securonix, the popularity of GoLang-based malware is increasing, because this language has flexible cross-platform support and malware written in it is more difficult to analyze and reverse engineer than malware based on other programming languages. As we mentioned, this malware campaign, like many other examples, starts with sending a phishing email, and the best way to prevent it is to avoid downloading attachments from unreliable sources.