CATEGORIES
home IT/Enterprise Security

Hackers Are Using NASA's James Webb Telescope Images To Disguise Malware Payloads

by Ryan WhitwamWednesday, August 31, 2022, 10:34 AM EDT
webb telescope
The James Webb Space Telescope (JWST) came online this year after more than 20 years of design and development. It's a real watershed moment for astronomy, and unfortunately, yet another way for internet ne'er-do-wells to distribute malware. Security researchers have identified a new malware campaign that has disguised attack payloads as awe-inspiring images from the Webb Telescope. That makes it all the more likely people will open the malware-infected images.

Like other pieces of sophisticated malware, the so-called GO#WEBBFUSCATOR campaign doesn't rely on getting someone to run a naked executable file. According to security firm Securonix, infections begin as a phishing email. The messages contain a Microsoft Word attachment called "Geos-Rates.docx," which downloads a malicious template file if opened. If Office has macros enabled, the application will execute a VB script in the template -- this is where the attack really begins.

The Go-based malware downloads what appears to be an image file named OxB36F8GEEC634.jpg. If you open it in an image viewer, you might not realize anything is amiss. The file appears to be a scaled-down version of galaxy cluster SMACS 0723, known colloquially as the Webb Deep Field. It covers a patch of sky about the apparent size of a grain of sand, but Webb's incredible optics and high sensitivity in the infrared spectrum reveals a sea of thousands of galaxies.

webb malware 1

The victim of the malware, believing they have just gazed into the infinite, will go about their day not realizing that the image contained a Base64-encoded payload. The malware decodes that into an executable (msdllupdate.exe) and launches it. With the malware fully deployed, it copies itself to additional directories and adds registry keys to ensure persistence. Securonix reports that the malware grants the attacker remote control over the system. Researchers observed the authors using arbitrary enumeration commands, a common first step in analyzing a system for further exploitation.

You can avoid this nasty piece of code in a few simple ways, starting with this old chestnut: don't open files that arrive in suspicious emails, even if they aren't executables. You can also make sure macros are disabled in the Office suite as that's a common method of loading malware. Lastly, if you want to look at amazing images from the James Webb Space Telescope, just go straight to the source or let us highlight the most inspiring images for you here.
Tags:  Malware, security, space
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment