Malware is being spread using an image from the Webb Telescope

NASA has released the most detailed image of the distant universe taken by the James Webb Telescope. It shows a cluster of galaxies in great detail. Bad actors are also using the image to spread malware. The security analytics platform Securonix has identified a new malware campaign called GO#WEBBFUSCATOR.

The campaign starts with a phishing email carrying a Microsoft Office attachment. A URL hidden within the document’s metadata is used to run a script. Malicious code masquerading as a certificate is then downloaded alongside Webb’s First Deep Field photo. As per the company, no anti-virus programs detected the malicious code within the image.
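A defender can check image files for this kind of disguise without relying on signatures. The following is an added example, not code from Securonix or from the campaign. It assumes the fake certificate uses PEM-style armor with Base64 content, which the article does not specify, and the function names and sample bytes are constructed for illustration.

```python
import base64
import re

# Assumption: the disguised payload is wrapped in PEM-style certificate armor.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)
IMAGE_MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png"}


def classify_block(body: bytes) -> str:
    """Decode one armored block and report what its bytes really are."""
    try:
        raw = base64.b64decode(b"".join(body.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "not-base64"
    if raw[:2] == b"MZ":
        return "pe-executable"
    if raw[:4] == b"\x7fELF":
        return "elf-executable"
    # A genuine X.509 certificate is a DER SEQUENCE, so it starts with 0x30.
    return "der-sequence" if raw[:1] == b"\x30" else "unknown"


def scan_image(data: bytes) -> dict:
    """Find certificate-armored blocks inside an image and classify each."""
    kind = next((n for m, n in IMAGE_MAGIC.items() if data.startswith(m)), None)
    blocks = [(m.start(), classify_block(m.group(1))) for m in PEM_RE.finditer(data)]
    return {
        "image_type": kind,
        "blocks": blocks,
        # Any armor in an image is odd; a non-DER payload is a strong signal.
        "mismatch": any(label != "der-sequence" for _, label in blocks),
    }


def _armor(raw: bytes) -> bytes:
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(raw)
            + b"-----END CERTIFICATE-----\n")


# Constructed samples: a stub JPEG header followed by an armored block.
STUB_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
SAMPLE_FLAGGED = STUB_JPEG + _armor(b"MZ\x90\x00" + b"\x00" * 60)
SAMPLE_DER = STUB_JPEG + _armor(b"\x30\x82\x01\x0a" + b"\x00" * 60)

if __name__ == "__main__":
    for name, blob in [("flagged", SAMPLE_FLAGGED), ("der", SAMPLE_DER), ("clean", STUB_JPEG)]:
        print(name, scan_image(blob))
```

A block that decodes to a DER sequence is not cleared by this check; an image has no ordinary reason to carry certificate armor at all, so every entry in `blocks` deserves a look.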

The bad actors might have used the popular James Webb photo for a couple of reasons, according to Securonix VP Augusto Barros. One reason is that the high-resolution images NASA releases have huge file sizes, so a large file is less likely to arouse suspicion. The fact that the photo has been widely shared online in the last few months might also cause reviewers to overlook it, even if an anti-malware program flags it.

It is also interesting to note that the malware is programmed in Golang, Google’s open-source programming language. Security company Securonix predicts that Golang-based malware will grow in popularity since it offers cross-platform support and is more difficult to analyze and reverse engineer than malware created using other programming languages. As with any attack that starts with a phishing email, avoid downloading attachments from untrusted sources.
