Hackers are known to be creative in their ways. There’s a new method they have devised to get into a system and then use malware to extract money or steal data from unsuspecting users. A group of cybersecurity researchers has discovered a unique attack where hackers are exploiting a hugely popular deep space image taken from NASA‘s James Webb telescope to infiltrate computers with malware.
The Securonix Threat research team has exposed a hacking campaign that is making use of the James Webb Telescope to infect targets with malware. The extremely high-definition image was produced by the Webb Telescope which is considered as the deepest and sharpest infrared image of the distant universe to date. It is named ‘First Deep Field’.
According to the study, a persistent Golang-based attack campaign, incorporates an equally interesting strategy by leveraging the deep field image taken from the James Webb and obfuscated Golang (or Go) programming language payloads to infect the target system with the malware.
A blog published by the cybersecurity firm states Golang-based malware is on the rise gaining popularity with APT hacking groups such as Mustang Panda. Go is an open-source programming language developed in 2007 by Robert Griesemer, Rob Pike, and Ken Thompson at Google.
“Initial infection begins with a phishing email containing a Microsoft Office attachment. The document includes an external reference hidden inside the document’s metadata which downloads a malicious template file,” said the researchers.
When the document is opened, the malicious template file is downloaded and saved on the system.
Finally, the script downloads a JPEG image that shows the James Webb Telescope deep field image.
“The image file is quite interesting. It executes as a standard jpg image as seen in the image below. However, things get interesting when inspected with a text editor,” the researchers explained.
The generated file is a Windows 64-bit executable which is on a large size, at around 1.7 MB.
What can users do to stay safe from this malware?
The Securonix research group has recommended users to avoid downloading unknown email attachments from non-trusted sources, and prevent Microsoft Office products using the company’s security recommendations.