Not a day goes by that a new hacker news is not announced. Security analytics firm Securonix has revealed that hackers sneaked malware code into a copy of an image from the James Web Space Telescope as part of a broader hacking campaign.
The James Web Space Telescope offers clear images of our universe we’ve never seen before, but hackers are trying to use the images from the telescope for more sinister purposes. Securonix recently published a blog post describing an attack that included a phishing email, a fake Microsoft Office attachment, and SMACS 0723, the first full-color image from the Webb Space Telescope unveiled earlier this summer. Titled GO#WEBBFUSCATOR, the attack is a multi-layered attack aimed at infiltrating computers.
The code is written using Go, and Securonix Go-based attacks have increased recently, and these codes run on different platforms such as Windows, Mac, and Linux.
The attack is a multi-stage campaign that begins with a phishing email with an unsuspecting attachment modeled to appear to come from Microsoft Office. Once downloaded, a malicious file starts downloading. If the user has the correct macros installed, the file then executes a download of an image file that appears as a SMACS 0723 image from the James Web Space Telescope but contains a Base64 code. Securonix says the malware will then execute encrypted DNS queries and run random enumeration to connect to the C2 servers.
The original SMACS 0723 image looks intact. Therefore, it is useful to pay attention to the Microsoft Office add-ins that have recently arrived in the mailbox.
17059
