One of the first images taken by the James Webb Telescope, released by NASA, was “the sharpest infrared image of the distant universe ever.” It is an amazing photo showing a detailed cluster of galaxies. It is also currently being used by bad actors to infect systems with malware. The security analysis platform Securonix has identified a new malware campaign that uses the image, and the company is calling it GO#WEBBFUSCATOR.
The attack starts with a phishing email containing a Microsoft Office attachment. Hidden in the document’s metadata is a URL that downloads a script file, which runs if certain Word macros are enabled. This in turn downloads a copy of the first Webb Deep Field image, which contains malicious code disguised as a certificate. In its report on the campaign, the company said that all antivirus programs failed to detect the malicious code in the image.
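A defender can check downloaded images for the disguise described above. The following Python sketch is an added example, not code from Securonix or the original article: it assumes the fake certificate is a PEM-style Base64 block and that a Windows executable header (`MZ`) is a useful red flag, neither of which the article states, and the sample bytes are constructed.

```python
import base64
import re

JPEG_SOI = b"\xff\xd8\xff"  # bytes every JPEG file starts with
# Assumption: the disguise is a PEM-style block. The article only says
# the code is "disguised as a certificate".
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def inspect_image(data: bytes) -> list[dict]:
    """Return one finding per certificate-looking block inside a JPEG."""
    findings = []
    if not data.startswith(JPEG_SOI):
        return findings
    for match in PEM_BLOCK.finditer(data):
        body = b"".join(match.group(1).split())  # drop line breaks
        try:
            decoded = base64.b64decode(body, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            decoded = b""
        findings.append({
            "offset": match.start(),
            "decoded_len": len(decoded),
            # A DER-encoded X.509 certificate begins with an ASN.1 SEQUENCE (0x30).
            "looks_like_der": decoded[:1] == b"\x30",
            # Assumption: "MZ", the Windows executable magic, is worth flagging.
            "pe_header": decoded[:2] == b"MZ",
        })
    return findings


def build_sample(payload: bytes) -> bytes:
    """Constructed test input: JPEG framing bytes followed by a PEM block."""
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(payload)
           + b"-----END CERTIFICATE-----\n")
    return JPEG_SOI + b"\xe0" + b"\x00" * 16 + b"\xff\xd9" + pem


if __name__ == "__main__":
    fake_cert = build_sample(b"MZ" + b"\x00" * 62)  # inert placeholder bytes
    for finding in inspect_image(fake_cert):
        print(finding)
```

Any certificate block inside an image file deserves review, and one whose decoded bytes do not look like DER is a stronger signal.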
Securonix Vice President Augusto Barros told Popular Science that there are several possible reasons why bad actors chose to use the popular James Webb photo. One is that the high-resolution images released by NASA come in huge file sizes and can avoid suspicion in that regard. Also, even if anti-malware flagged it, reviewers might miss it because it was widely shared online over the past few months.
Another interesting thing about the campaign is that it uses Golang, Google’s open source programming language, for its malware. Securonix says Golang-based malware is growing in popularity because it has flexible cross-platform support and is more difficult to analyze and reverse engineer than malware based on other programming languages. Like any other malware campaign that starts with a phishing email, however, the best way to avoid falling victim to this attack is to avoid downloading attachments from untrusted sources.