A new phishing campaign is taking advantage of interest in images captured by the James Webb Telescope to infect victims with malware, analysts warned.
A report from security firm Securonix found that cybercriminals are embedding malware capable of bypassing antivirus filters in an image of the galaxy cluster SMACS 0723 released by NASA earlier this year.
Although the image appears completely harmless at first, inspecting the file in a text editor reveals code designed to trigger the download of a malicious executable.
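The manual text-editor check described above can be automated for mail or download triage. The following Python sketch is an added example, not code from the Securonix report; the 200-byte threshold, the function names and the sample bytes are assumptions made for illustration.

```python
import re

JPEG_START = b"\xff\xd8"   # JPEG start-of-image marker
JPEG_END = b"\xff\xd9"     # JPEG end-of-image marker
MIN_RUN = 200              # assumed threshold for "too much readable text"


def text_runs(data: bytes, min_len: int = MIN_RUN):
    """Return (offset, length) for each run of printable ASCII >= min_len."""
    pattern = re.compile(rb"[\x20-\x7e\r\n\t]{%d,}" % min_len)
    return [(m.start(), len(m.group())) for m in pattern.finditer(data)]


def trailing_bytes(data: bytes) -> int:
    """Count bytes after the last end-of-image marker (0 for a clean file).

    Heuristic: assumes any appended data does not itself contain FF D9.
    """
    end = data.rfind(JPEG_END)
    return 0 if end < 0 else len(data) - (end + len(JPEG_END))


def triage(data: bytes) -> dict:
    """Summarise why an image file deserves a closer look, if at all."""
    if not data.startswith(JPEG_START):
        # Named as an image but not a JPEG at all: flag for review.
        return {"jpeg": False, "suspicious": True, "runs": [], "trailing": 0}
    runs = text_runs(data)
    trailing = trailing_bytes(data)
    # Legitimate XMP metadata is also long text, so hits need manual review.
    return {"jpeg": True, "suspicious": bool(runs) or trailing > 0,
            "runs": runs, "trailing": trailing}


if __name__ == "__main__":
    # Constructed samples: a minimal JPEG-shaped byte string, and the same
    # bytes with 300 characters of placeholder text appended after the image.
    clean = JPEG_START + bytes([0x80, 0x01, 0xFE]) * 100 + JPEG_END
    tainted = clean + b"A" * 300
    for name, blob in (("clean", clean), ("tainted", tainted)):
        print(name, triage(blob))
```

A hit only means the file holds more readable text than image data normally does; the flagged offsets show an analyst where to look.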
Images from the James Webb Telescope
In July 2022, NASA released the first selection of images taken by the James Webb Space Telescope, describing for the first time the “earliest, rapid phases of star formation”. The spectacular full-color images have spread like wildfire across social media platforms.
However, as with any trend or event that captures the public imagination, the demand for more telescope images has created an opportunity for cybercriminals.
In this case, the threat actor distributes a phishing email containing a Microsoft Office attachment. Once downloaded, the attachment sets off a chain reaction that eventually leads to the malicious image making its way onto the victim’s device.
The malware itself, coded in Golang to complicate analysis, is said to be capable of exfiltrating sensitive data and handing over control of the infected machine to the operator.
To protect against scams of this kind, web users are advised never to download attachments from unsolicited e-mails and to check messages for spelling or grammatical errors that could betray a scam.
Separately, although the type of malware in question is reported to be able to bypass security measures, devices should still be protected with leading antivirus and ransomware protection software that will reduce the overall risk of infection.