Hackers hide malware in space footage captured by Webb telescope | iThome

Security firm Securonix disclosed this week that it discovered a new campaign in which hackers use the Golang programming language and space footage captured by the Webb telescope to infect victims.

The attack started with a phishing email containing a Microsoft Word file, in one case named Geos-Rates.docx, whose file metadata contained an external reference that might be used to download a malicious template file. As a result, the template file is downloaded and saved as soon as the user opens the document.

The template file contains a VB script, which is automatically executed once the user enables macros. The script connects to the hacker's C&C server to download another file, a JPG image that is the first deep space photo captured by the Webb telescope (Webb's First Deep Field).


The James Webb Space Telescope is by far the most advanced space telescope in the world. It was officially opened at the end of last year. Its first deep space photo, of the SMACS 0723 galaxy cluster, which was born 4.6 billion years ago, is known as the deepest and clearest infrared image of the early universe.

However, researchers have found that this photo of the SMACS 0723 galaxy cluster hides a malicious program that is written in Golang and pretends to be a certificate, and that until this week had not been detected by other anti-virus products. The purpose of this malware is to reside on the victim system so that it can be controlled by hackers through the C&C server.
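A defender-side check for the disguise described above, added here as an example and not taken from Securonix or the original article: it looks inside a JPEG for certificate armor and reports when the decoded body is an executable instead of certificate data. It assumes the "certificate" is PEM-style armor around base64 text, which the article does not specify; the function names and the sample input are constructed for illustration.

```python
import base64
import re

# Assumption: the "certificate" disguise is PEM-style armor around base64 text.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)
EXEC_MAGIC = {b"MZ": "PE", b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O"}


def classify_blob(decoded: bytes) -> str:
    """Say what the decoded 'certificate' body really looks like."""
    for magic, name in EXEC_MAGIC.items():
        if decoded.startswith(magic):
            return f"executable ({name})"
    # A genuine X.509 certificate is DER and starts with a SEQUENCE tag, 0x30.
    return "DER-like" if decoded[:1] == b"\x30" else "unknown data"


def scan_jpeg(data: bytes) -> list[tuple[int, str]]:
    """Return (offset, verdict) for every certificate armor block in a JPEG."""
    if not data.startswith(b"\xff\xd8\xff"):  # JPEG start-of-image marker
        return []
    findings = []
    for match in PEM_RE.finditer(data):
        body = re.sub(rb"\s+", b"", match.group(1))
        try:
            decoded = base64.b64decode(body, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append((match.start(), "invalid base64"))
            continue
        findings.append((match.start(), classify_blob(decoded)))
    return findings


def build_sample(payload: bytes) -> bytes:
    """Constructed test input: a minimal JPEG shell followed by armored data."""
    jpeg_shell = b"\xff\xd8\xff\xe0" + bytes(16) + b"\xff\xd9"
    armor = (b"\n-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(payload)
             + b"-----END CERTIFICATE-----\n")
    return jpeg_shell + armor


if __name__ == "__main__":
    # Inert constructed payload: only the two-byte "MZ" magic, then zeros.
    for offset, verdict in scan_jpeg(build_sample(b"MZ" + bytes(62))):
        print(f"offset {offset}: certificate armor holds {verdict}")
```

Any certificate armor inside an image file is already anomalous, so even a "DER-like" verdict is worth a closer look during triage.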

The campaign leverages the Webb's First Deep Field imagery, which has recently caught the attention of space junkies, and it also relies on Golang. According to a survey by information security firm Intezer, malware written in Golang increased by 2,000% from 2017 to 2020. Securonix said that, compared to C++ or C#, Golang is more difficult to analyze or reverse engineer and is more cross-platform resilient. In addition, there have been many frameworks used to produce Golang malware and executable files, such as ColdFire or OffensiveGolang, which led Securonix to remind everyone to be vigilant against Golang malware.


Alexandra Hartman Editor-in-Chief
