One of the first images taken by Nasa’s James Webb Telescope is being used by hackers in a phishing scam.
A security analytics platform, Securonix, uncovered the new computer security threat that uses the James Webb Space Telescope’s first public image to spread malware.
The attack, called ‘GO#WEBBFUSCATOR’, reportedly starts with a phishing email containing a Microsoft Office attachment.
If a receiver opens the attachment, a URL within the document’s metadata downloads a file with a script, which runs if certain Word macros are enabled.
This, in turn, downloads a copy of Webb’s First Deep Field photo, containing malicious code masquerading as a certificate.
The malicious code in the image is apparently non-detectable by anti-virus programs.
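A defender-side check for the disguise described above, as an added example that is not from the article or from Securonix: it scans a JPEG for a PEM-style certificate block and reports whether the decoded bytes look like a certificate or like an executable. The PEM armor, the Windows PE payload type and all sample bytes are assumptions constructed for illustration.

```python
import base64
import re

# Assumption: the "certificate" disguise uses standard PEM armor lines.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)
JPEG_SOI = b"\xff\xd8"  # start-of-image marker
JPEG_EOI = b"\xff\xd9"  # end-of-image marker


def classify_block(b64_body: bytes) -> str:
    """Decode a PEM body and report what the decoded bytes start with."""
    try:
        raw = base64.b64decode(b"".join(b64_body.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "not-base64"
    if raw[:2] == b"MZ":  # DOS/PE header: an executable, not a certificate
        return "pe-executable"
    if raw[:1] == b"\x30":  # DER SEQUENCE tag; consistent with X.509, not proof
        return "der-sequence"
    return "unknown-binary"


def scan_image(data: bytes) -> list:
    """Return one finding per certificate-looking block inside a JPEG."""
    if not data.startswith(JPEG_SOI):
        return []
    eoi = data.rfind(JPEG_EOI)
    findings = []
    for m in PEM_RE.finditer(data):
        findings.append({
            "offset": m.start(),
            # Data after the end-of-image marker is ignored by image viewers.
            "after_eoi": eoi != -1 and m.start() >= eoi + 2,
            "verdict": classify_block(m.group(1)),
        })
    return findings


def pem_wrap(raw: bytes) -> bytes:
    """Build a PEM-armored block from raw bytes (used for the samples only)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(raw)
            + b"-----END CERTIFICATE-----\n")


# Constructed samples: a stub JPEG with different trailing content.
IMG_STUB = JPEG_SOI + b"\x00" * 16 + JPEG_EOI
SAMPLE_SUSPICIOUS = IMG_STUB + pem_wrap(b"MZ\x90\x00" + b"\x00" * 60)
SAMPLE_CERT_LIKE = IMG_STUB + pem_wrap(b"\x30\x82\x01\x0a" + b"\x00" * 60)

if __name__ == "__main__":
    for name, blob in [("suspicious", SAMPLE_SUSPICIOUS), ("cert-like", SAMPLE_CERT_LIKE)]:
        print(name, scan_image(blob))
```

Any certificate block inside an image is worth a look; a `pe-executable` verdict means the block is not a certificate at all.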
It’s here–the deepest, sharpest infrared view of the universe to date: Webb’s First Deep Field.
Previewed by @POTUS on July 11, it shows galaxies once invisible to us. The full set of @NASAWebb’s first full-color images & data will be revealed July 12: https://t.co/63zxpNDi4I pic.twitter.com/zAr7YoFZ8C
In July, Nasa released the much-awaited debut picture from its £8.4 billion James Webb Space Telescope.
One reason the hackers chose the James Webb images could be that the high-resolution images Nasa had released come in massive file sizes, thus evading suspicion.
Securonix’s VP Augusto Barros told Popular Science that even if an anti-malware program flags it, reviewers might pass it over since it’s been widely shared online over the past couple of months.
The malware campaign also uses Golang, Google’s open-source programming language, a trend that is becoming popular according to Securonix.
This is because, unlike malware based on other programming languages, Golang-based malware has flexible cross-platform support and is more difficult to analyze and reverse engineer.
The best way to protect yourself from this attack would be to avoid downloading attachments from unfamiliar sources.