A new phishing campaign uses interest in images captured by the James Webb telescope to infect victims with malicious software, analysts warn.
A report from security company Securonix found that cybercriminals are embedding malware capable of bypassing antivirus filters in the image of the SMACS 0723 galaxy cluster, published by NASA earlier this year.
While the image appears completely harmless at first, checking the file with a text editor reveals code designed to trigger the download of a malicious executable.
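The text-editor check described above can be automated. The following is an added example, not code from the Securonix report: it assumes the image is a JPEG, skips the metadata segments where readable text is normal, and flags long readable runs in or after the compressed image data. The function names, the 200-byte threshold and the sample bytes are all constructed for illustration.

```python
import re
import struct

MIN_RUN = 200  # assumed threshold for a suspicious run of readable text
TEXT_RUN = re.compile(rb"[\t\n\r\x20-\x7e]{%d,}" % MIN_RUN)

def scan_start(data: bytes) -> int:
    """Offset of the JPEG start-of-scan marker; 0 if the header is not well formed."""
    if not data.startswith(b"\xff\xd8"):
        return 0                      # not a JPEG: caller scans the whole file
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return 0                  # broken segment chain: scan everything
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
        elif marker == 0xDA:          # SOS: compressed image data follows
            return pos
        else:                         # APPn/COM/table segment (EXIF/XMP text lives here)
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if length < 2:
                return 0
            pos += 2 + length
    return 0

def find_text_runs(data: bytes):
    """Return (offset, length, preview) for readable runs in or after the image data."""
    return [(m.start(), len(m.group()), m.group()[:32].decode("ascii"))
            for m in TEXT_RUN.finditer(data, scan_start(data))]

def build_sample(extra: bytes = b"") -> bytes:
    """Constructed JPEG-like bytes: metadata text, fake scan data, optional appended text."""
    meta = b"<x:xmpmeta>" + b"a" * 300
    app1 = b"\xff\xe1" + struct.pack(">H", len(meta) + 2) + meta
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = bytes(range(128, 256)) * 4   # stand-in for compressed data
    return b"\xff\xd8" + app1 + sos + scan + b"\xff\xd9" + extra

if __name__ == "__main__":
    for name, extra in (("clean", b""), ("tampered", b"CONSTRUCTED-SAMPLE-TEXT " * 20)):
        print(name, find_text_runs(build_sample(extra)))
```

A hit is a triage signal for an analyst to inspect the file, not proof of compromise.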
James Webb’s telescopic images
In July 2022, NASA published the first selection of images captured by the James Webb Space Telescope, showing for the first time “the earliest, rapid stages of star formation”. The spectacular, colorful images spread instantly on social media platforms.
However, as with any trend or event that captures the public’s imagination, the demand for more telescopic imagery has created an opportunity for cybercriminals.
In this case, the attacker spreads a phishing message that contains a Microsoft Office attachment. Once downloaded, the attachment triggers a chain reaction that eventually results in the malicious image getting onto the victim’s device.
The malware itself, written in Golang to complicate analysis, is said to be able to extract sensitive data and hand over control of the infected machine to the operator.
To protect against this type of fraud, internet users are advised never to download attachments from unsolicited e-mails and to interrogate messages for spelling or grammar errors that may reveal the scam.
Regardless, while this malware strain is said to be able to circumvent security measures, devices should be protected with leading antivirus and ransomware protection software, which will reduce the overall risk of infection.