Hackers exploit NASA’s famous deep space image to attack computers



Hackers are exploiting a hugely popular deep space image


Cyber-security researchers have identified this unique attack.

A newly-discovered hacking campaign is exploiting an image from the James Webb Telescope to infect targets with malware.


In July, James Webb produced the deepest and sharpest infrared image of the distant universe to date, known as the “First Deep Field”.

Now, the Securonix Threat Research team has identified a persistent Golang-based attack campaign that incorporates an equally interesting strategy: it leverages the deep field image taken by James Webb, together with obfuscated Golang (Go) programming language payloads, to infect the target system with malware.

 

Golang-based malware is on the rise and gaining popularity with APT hacking groups such as Mustang Panda. Go is an open-source programming language developed in 2007 by Robert Griesemer, Rob Pike, and Ken Thompson at Google.

Initially, the infection begins with a phishing email containing a Microsoft Office attachment. The document includes an external reference hidden inside the document’s metadata, which downloads a malicious template file, the researchers concluded.

When the document is opened, the malicious template file is downloaded and saved on the system. Finally, the script downloads a JPEG image that shows the James Webb Telescope deep field image.
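A defender-side check for the external reference described above, as an added example that is not from the article or from Securonix: it lists every relationship an Office Open XML attachment marks as external and keeps the non-hyperlink ones that point at a remote host. The sample document, the `example.invalid` URLs and the function names are constructed for illustration, and the code assumes the attachment is a zipped OOXML file (.docx/.docm).

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

PKG_REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Remote schemes or a UNC path (\\host\share)
REMOTE = re.compile(r"^(?:https?|ftp|file)://|^\\\\", re.IGNORECASE)

def external_relationships(doc_bytes):
    """List (part, type, target) for every relationship with TargetMode="External"."""
    found = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for part in zf.namelist():
            if not part.endswith(".rels"):
                continue
            for rel in ET.fromstring(zf.read(part)).iter(PKG_REL):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((part, kind, rel.get("Target", "")))
    return found

def fetched_on_open(found):
    """Keep remote targets Office may load without a click (hyperlinks need one)."""
    return [f for f in found if f[1] != "hyperlink" and REMOTE.search(f[2])]

def build_sample():
    """Constructed test document: one benign hyperlink, one remote template."""
    def rels(*items):
        body = "".join(
            f'<Relationship Id="rId{i}" Type="{OFFICE_REL}{t}" Target="{tgt}"{mode}/>'
            for i, (t, tgt, mode) in enumerate(items, 1))
        return ('<Relationships xmlns="http://schemas.openxmlformats.org/'
                f'package/2006/relationships">{body}</Relationships>')
    ext = ' TargetMode="External"'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels(
            ("styles", "styles.xml", ""),
            ("hyperlink", "https://example.invalid/about", ext)))
        zf.writestr("word/_rels/settings.xml.rels", rels(
            ("attachedTemplate", "http://example.invalid/form.dotm", ext)))
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target in fetched_on_open(external_relationships(build_sample())):
        print(f"{part}: {kind} -> {target}")
```

A mail gateway or triage script can run the same two functions over an attachment's raw bytes and quarantine any document for which `fetched_on_open` returns a non-empty list.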

This image file is quite interesting. It opens as a standard JPG image, as seen in the image below. However, things get interesting when it is inspected with a text editor, the researchers explained.

The generated file is a large Windows 64-bit executable, at around 1.7 MB. Securonix recommended that users avoid downloading unknown email attachments from non-trusted sources and prevent Microsoft Office products from using the company's security recommendations.

 

 


Story Source:
Materials provided by IANS. The original text of this story is licensed under a Creative Commons License. Note: Content may be edited for style and length.


Journal Reference:

https://www.ibtimes.co.in/beware-hackers-prowl-using-nasas-famous-deep-space-image-attack-computers-851918