New Delhi, Sep 3 : Researchers in cyber-security have discovered a unique attack in which hackers exploit the hugely well-known deep space image by NASA’s James Webb telescope to infect computer systems with malware.A new hacking attack exploits an image taken from the James Webb Telescope to infect victims with malware.
In Julyof this year, James Webb produced the most detailed and sharpest infrared images of the universe’s distant regions to date, dubbed the “First Deep Field”.
Then, Securonix Threat research team has discovered a persistent Golang attack plan, that employs an equally intriguing strategy of making use of the deep-field image derived from James Webb and obfuscated Golang (or Go) programming language payloads to infect the targeted system with malware.
Golang-based malware is currently on the increasing recognition with APT hacking groups like Mustang Panda.
Go is an open-source programming system created in 2007 by Robert Griesemer, Rob Pike as well as Ken Thompson at Google.
“Initial attack begins with an email that is phishing and contains an Microsoft Office attachment.The document contains an external reference that is hidden within the metadata of the document that downloads a malicious template,” said the researchers.
Once the document has been opened the malicious template downloads and is saved to the system.
The script then downloads the JPEG image that displays the James Webb Telescope deep field image.
“The image file itself is fascinating.It works as normal jpg images as you can see in the picture below.
However, things become interesting when you examine the image with an editor for text,” the researchers explained.
The file that is generated is an Windows 64-bit executable that is of a large size, averaging 1.7 millibytes.
Securonix advised users to stay away from downloading unknown email attachments from untrusted sources and to avoid Microsoft Office products using the security guidelines of the company.
na/
