Hackers have used the first images taken by NASA’s James Webb Space Telescope in a scam that threatens the security of computers.
Security analytics platform Securonix has discovered a new computer security threat that uses the first publicly available James Webb Space Telescope (JWST) image, unveiled by the White House on July 11 and revealing a glowing galaxy formed 4.6 billion years ago, to carry malware.
So we won’t have good things: Security analytics company Securonix has revealed that hackers fraudulently hid malware code in a copy of an image from the Webb Space Telescope as part of a wider campaign in hacking. … https://t.co/vVgd24HVA8
— Cybersecurity Alerts (@secalertsasia) September 5, 2022
The attack, named GO#WEBBFUSCATOR, is said to have started with a phishing email containing a Microsoft Office attachment.
If the recipient opens the attachment, a URL in the document’s metadata downloads a text file, which runs if certain macros are enabled in Word.
This in turn downloads a copy of James Webb’s First Deep Field image, which contains malware that appears to be authentic.
The malicious code in the image appears to be undetectable by antivirus software, and security experts at Securonix state that the malicious file “cannot be detected by all antivirus systems.”
Securonix vice president Augusto Barros told Popular Science that the James Webb space image may have been chosen because, even if antivirus software had reported a problem, users might have been more inclined to ignore the warning because the image had been shared all over the world.
Hackers may also prefer James Webb images because the high-resolution images published by NASA have large file sizes, so a large file does not arouse suspicion.
And last July, NASA released the long-awaited first image from the James Webb Space Telescope.
The malware campaign also uses Google’s open-source programming language Golang, a trend that has become popular, according to Securonix.
This is because, unlike malware based on other programming languages, Golang-based programs have flexible cross-platform support and are difficult to parse and reverse engineer.
The best way to protect yourself from this attack is to avoid downloading add-ons from unknown sources.
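An added example, not part of the original article or of Securonix's report: a triage script that lists remote URLs referenced from a Word attachment's relationship parts and document properties, the kind of metadata-borne URL described above, without opening the file in Word. It assumes the attachment is an OOXML (.docx/.docm) package; the sample document and the example.invalid URLs are constructed.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
URL_RE = re.compile(rb"https?://[^\s\"'<>]+", re.I)

def find_remote_references(docx_bytes):
    """Return sorted (part, kind, url) tuples for remote URLs found in the package."""
    # Triage only: run on untrusted files inside an analysis sandbox, because the
    # standard-library ZIP and XML parsers are not hardened against hostile input.
    findings = set()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in pkg.namelist():
            data = pkg.read(name)
            if name.endswith(".rels"):
                try:
                    root = ET.fromstring(data)
                except ET.ParseError:
                    findings.add((name, "unparseable", ""))
                    continue
                # External targets point outside the package (e.g. a remote template).
                for rel in root.iter(REL_NS + "Relationship"):
                    if rel.get("TargetMode") == "External":
                        kind = rel.get("Type", "").rsplit("/", 1)[-1]
                        findings.add((name, kind, rel.get("Target", "")))
            elif name.startswith("docProps/"):
                # Document properties (metadata) do not normally carry URLs.
                for m in URL_RE.finditer(data):
                    findings.add((name, "metadata", m.group().decode("ascii", "replace")))
    return sorted(findings)

def build_sample():
    """Constructed sample: one remote template reference and one URL in metadata."""
    base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            f'<Relationship Id="rId1" Type="{base}attachedTemplate" '
            'Target="https://files.example.invalid/form.dotm" TargetMode="External"/>'
            f'<Relationship Id="rId2" Type="{base}styles" Target="styles.xml"/>'
            '</Relationships>')
    app = "<Properties><Company>https://files.example.invalid/o.txt</Company></Properties>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/settings.xml.rels", rels)
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, url in find_remote_references(build_sample()):
        print(f"{part}: {kind} -> {url}")
```

Any hit is a reason to quarantine the attachment and review the URL; a legacy binary .doc file is not a ZIP package and raises `zipfile.BadZipFile` here.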
Source: subway
Source: Arabic RT