One of the stunning images from the James Webb telescope is now being used by malicious actors to spread malware between devices.
An image from the first set of photos of the James Webb telescope is now being exploited by cybercriminals, who hide malicious code within the files to spread malware.
Some James Webb image files are now a security threat
In July 2022, the first images captured by the James Webb Telescope were released to the public. These highly detailed photos gave the world a greater understanding of what the universe looks like. However, this incredible event is now being capitalized on by malicious actors.
In September 2022, security analysis firm Securonix discovered that one of the first five images of James Webb is now being exploited by hackers to spread malware. Securonix has coined it as the “GO#WEBBFUSCATOR” malware campaign, with the “GO” related to the type of coding language used in the company, Golang.
Golang has been around for some time, but only had its first stable release in August 2022. And in no time, malicious parties started using this language to spread malware. One of the main reasons for this is that Golang is cross-platform. It can be used on Windows, Linux, macOS, and a host of other systems, which is perfect for an attacker looking to spread malware as much as possible.
Malicious code is hidden inside James Webb’s image
Hackers are using this photo of James Webb to spread malware by hiding malicious code inside the image file. Then, when the victim downloads the image on her device, the malware is also installed. Phishing emails are used as a vehicle to spread the malicious image file in the form of a Microsoft Office attachment titled “Geos-Rates.docx”.
If certain Word macros are enabled on the victim’s device, a URL within the malicious attachment can download a file and script, which can then download the James Webb image containing the malware.
This malware has not been detected by antivirus programs
Securonix stated in a blog post that this malware could not be detected by any antivirus software used in its analysis. The company listed a variety of different programs that failed to detect the malware, including BitDefender and Acronis.
The ability of this malware to evade detection makes it particularly dangerous as it can spread more easily between devices.
Phishing remains a popular malware distribution vector
As time goes by, phishing attacks become more and more common, whether between organizations or individuals. This is why cybersecurity experts stress the importance of vigilance when it comes to the communications you receive, whether it’s via email, SMS, or social media messages.
