Hackers using NASA's famous images by James Webb to attack computers

Cyber-security researchers have identified a strange cyber attack in which hackers are exploiting highly popular deep space images to infiltrate computers with malware.

These images were taken by NASA's James Webb telescope a few months back.

In July, James Webb produced the deepest and sharpest infrared image of the distant universe to date, known as the 'First Deep Field'.

The Securonix Threat Research team has identified a persistent Golang-based attack campaign.

It uses the deep field image taken by James Webb, together with Go programming language payloads, to infect the target system with malware.

Golang-based malware is on the rise, gaining popularity with APT hacking groups such as Mustang Panda.

Go is an open-source programming language developed in 2007 by Robert Griesemer, Rob Pike, and Ken Thompson at Google.

Initial infection begins with a phishing email containing a Microsoft Office attachment. The document includes an external reference hidden inside the document's metadata, which downloads a malicious template file.

When the document is opened, the malicious template file is downloaded and saved on the system.

Finally, the script downloads a JPEG image that shows the James Webb Telescope deep field image.

"The image file is quite interesting. It executes as a standard jpg image as seen in the image below. However, things get interesting when inspected with a text editor,"

The generated file is a Windows 64-bit executable which is on the large side, at around 1.7 MB.

Securonix recommended that users avoid downloading unknown email attachments from non-trusted sources, and prevent Microsoft Office products using the company's security recommendations.
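
The external template reference described above can be checked for before a document is opened. The following added example, not code from the original article or from Securonix, lists the external relationships in an Office Open XML file and flags attached templates that load from a network location. It assumes the attachment is in the zip-based Office Open XML format; the host names and sample documents are constructed placeholders.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted samples, defusedxml is the safer parser

REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

def external_relationships(doc_bytes):
    """Return (part, relationship kind, target) for each TargetMode="External" entry."""
    found = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for part in zf.namelist():
            if not part.endswith(".rels"):
                continue
            for rel in ET.fromstring(zf.read(part)).iter(REL):
                if rel.get("TargetMode") == "External":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((part, kind, rel.get("Target", "")))
    return found

def is_remote(target):
    t = target.lower()
    if t.startswith("file://"):
        return not t.startswith("file:///")  # file://host/share is remote, file:///C:/ is local
    return t.startswith(("http://", "https://", "\\\\"))

def remote_templates(doc_bytes):
    """External attachedTemplate relationships whose target is fetched over the network."""
    return [f for f in external_relationships(doc_bytes)
            if f[1] == "attachedTemplate" and is_remote(f[2])]

def build_sample(template_target):
    """Constructed minimal package: one ordinary hyperlink plus one attached template."""
    def rels(kind, target):
        return ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
                f'<Relationship Id="rId1" Type="{OFFICE_REL}{kind}" Target="{target}" '
                'TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels("hyperlink", "https://docs.example/help"))
        zf.writestr("word/_rels/settings.xml.rels", rels("attachedTemplate", template_target))
    return buf.getvalue()

SUSPICIOUS = build_sample("https://template-host.example/form.dotm")  # placeholder host
LOCAL = build_sample("file:///C:/Templates/Normal.dotm")

if __name__ == "__main__":
    for name, doc in (("SUSPICIOUS", SUSPICIOUS), ("LOCAL", LOCAL)):
        print(name, remote_templates(doc))
```

An ordinary hyperlink is also stored as an external relationship, so the check keys on the relationship kind and the target location rather than on `TargetMode` alone.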
