Hackers Snuck Malware into an Image From the Webb Space Telescope

A copy of SMACS 0723 sent via phishing email contains some Base64 code written by hackers.

Image: NASA, ESA, CSA, and STScI

This is why we can't have nice things: security analytics firm Securonix has revealed that hackers have nefariously hidden malware code in a copy of an image from the Webb Space Telescope as part of a broader hacking campaign.

The Webb Space Telescope is providing views of our universe like never before, but hackers are trying to use images from the telescope for more sinister purposes. Securonix recently published a blog post that blows the lid off a hack involving a phishing email, a phony Microsoft Office attachment, and SMACS 0723, the first full-color image from the Webb Space Telescope, which was unveiled earlier this summer. The attack campaign, titled GO#WEBBFUSCATOR, is a super complex, multi-stage malware attack meant to infiltrate your computer.

The campaign's malware is written in Go (also called Golang), and Securonix argues that a rise in Go-based malware attacks could be due to how difficult it is to reverse engineer the language and/or how flexible the language can be at working across different platforms like Windows, Mac, and Linux.

“To the best of our knowledge, this campaign has been targeting a range of victims in different countries,” said Oleg Kolesnikov, Securonix’s vice president of Threat Research. “There have been multiple layers of obfuscation/[antivirus] evasion and a number of different payloads involved in the attack. We do not know yet what the end-goal objective of the attack is.”

The attack is a multi-stage campaign that begins with a phishing email containing an innocuous-looking attachment modeled to look like it has come from Microsoft Office. When the attachment is downloaded, a malicious file will start downloading. If the user has the right macros installed, the file will then execute the download of an image file, which appears to be the SMACS 0723 image from the Webb Space Telescope but contains Base64 code. Securonix then found that the malware would execute encrypted DNS queries to connect with C2 servers and run arbitrary enumeration commands, which Bleeping Computer says is a standard first reconnaissance step for hackers to poke and prod at a targeted computer.
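A defender's check for the image stage described above, added here as an example and not taken from Securonix or the original article: it scans a file's bytes for long Base64 runs and reports whether they decode to an executable header. The function name, the 200-character threshold, and the sample bytes (a stand-in using JPEG start/end markers) are assumptions constructed for illustration.

```python
import base64
import re

# Long unbroken runs of the Base64 alphabet are unusual in compressed image data.
# The 200-character minimum is an assumed threshold, not a value from the article.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")

# Magic bytes of common executable formats.
EXEC_MAGIC = {b"MZ": "PE", b"\x7fELF": "ELF"}


def find_embedded_base64(data: bytes):
    """Return (offset, length, kind) for every long Base64 run in data.

    kind is "PE" or "ELF" when the decoded run starts with that magic,
    otherwise None (e.g. benign Base64 inside image metadata).
    """
    hits = []
    for m in B64_RUN.finditer(data):
        head = m.group().rstrip(b"=")[:64]      # 64 chars = 16 whole groups
        decoded = base64.b64decode(head)
        kind = next((name for magic, name in EXEC_MAGIC.items()
                     if decoded.startswith(magic)), None)
        hits.append((m.start(), len(m.group()), kind))
    return hits


# --- Constructed sample data (not a real image, not real malware) ---
# Fake "pixel" bytes between JPEG start (FFD8) and end (FFD9) markers.
CLEAN = b"\xff\xd8" + bytes((i * 37) % 256 for i in range(4096)) + b"\xff\xd9"
# Harmless filler that merely begins with the two-byte PE magic "MZ".
PAYLOAD = b"MZ" + bytes(range(256)) * 2
# The same "image" with Base64 text appended after the end marker.
TAINTED = CLEAN + base64.b64encode(PAYLOAD)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tainted", TAINTED)):
        for offset, length, kind in find_embedded_base64(blob):
            print(f"{name}: {length} Base64 chars at offset {offset}, decodes to {kind}")
```

A hit with `kind` of `None` still deserves a look, since the first decoded layer may itself be encoded or encrypted.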

The good news is that the original SMACS 0723 image appears to be safe and is still gorgeous to look at; just be wary of any strange Microsoft Office attachments sent to your email.

https://gizmodo.com/hackers-malware-webb-space-telescope-1849479248