2022-09-09

A few months ago, NASA published ‘the sharpest infrared image of the distant universe to date’. The photograph was taken by the James Webb Space Telescope, which has offered an amazingly detailed view of multiple galaxies in the universe. However, according to an analysis by Securonix, that same photograph is now being used by cybercriminals to deliver malware.

According to the firm, a new malware campaign has been identified that uses the JWST image to take control of the victim’s device.

Malware that evades every antivirus

The attack begins with an email. Using phishing techniques together with the photograph itself, the attackers manage to inject malware into the user’s computer and take control of it. The email usually contains a Microsoft Office document with a URL embedded in the document’s metadata. When the document is opened, and if certain Word macros are enabled, it downloads a file containing a hidden script.

The downloaded file is a copy of the James Webb Telescope image of the universe, which carries malicious code hidden so that the system believes it is just another certificate.
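To make the chain described above concrete from the defender’s side, here is an added example (not code from this article or from Securonix) that checks the two artefacts the campaign relies on: an Office document with a URL parked in its metadata, and a JPEG with data appended after its End-Of-Image marker and dressed up as a certificate. Every input is constructed inside the script; the domain example.invalid and the "MZ" payload stub are placeholders, not indicators from the campaign.

```python
import base64
import io
import re
import xml.etree.ElementTree as ET
import zipfile

URL_RE = re.compile(r"https?://[^\s<>\"']+")
CERT_RE = re.compile(rb"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


# --- Part 1: Office document metadata -------------------------------------
def find_metadata_urls(docx_bytes: bytes) -> list[str]:
    """Return http(s) URLs found in element text of the docProps/*.xml parts.

    Only element text is searched, so the namespace URIs in the root element's
    attributes (present in every core.xml) do not produce false positives.
    """
    urls = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("docProps/") and name.endswith(".xml"):
                for elem in ET.fromstring(zf.read(name)).iter():
                    if elem.text:
                        urls += URL_RE.findall(elem.text)
    return urls


def has_vba_project(docx_bytes: bytes) -> bool:
    """True if the archive carries a VBA project, i.e. it is macro-enabled."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        return "word/vbaProject.bin" in zf.namelist()


# --- Part 2: data appended after the JPEG End-Of-Image marker --------------
def jpeg_eoi_offset(data: bytes) -> int:
    """Walk the JPEG marker structure and return the offset just past EOI (FF D9).

    Entropy-coded data after SOS is skipped byte by byte: FF 00 is a stuffed
    byte and FF D0..D7 are restart markers, anything else ends the scan.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI
            return pos + 2
        if marker == 0xFF:                       # fill byte
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # standalone markers
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xDA:                       # SOS: entropy-coded data follows
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def jpeg_trailing_data(data: bytes) -> bytes:
    """Bytes after EOI; image viewers ignore them, which is what makes them a hiding place."""
    return data[jpeg_eoi_offset(data):]


def inspect_trailer(trailer: bytes) -> dict:
    """Count certificate-looking blocks and classify what their Base64 decodes to."""
    report = {"trailing_bytes": len(trailer), "cert_blocks": 0, "der_like": 0, "pe_like": 0}
    for m in CERT_RE.finditer(trailer):
        report["cert_blocks"] += 1
        try:
            blob = base64.b64decode(m.group(1))   # non-alphabet bytes (newlines) are dropped
        except ValueError:
            continue
        if blob.startswith(b"\x30"):               # DER SEQUENCE: what a real certificate starts with
            report["der_like"] += 1
        if blob.startswith(b"MZ"):                 # DOS/PE header: not a certificate at all
            report["pe_like"] += 1
    return report


# --- Constructed sample inputs (placeholders, not campaign artefacts) -------
def build_sample_docx() -> bytes:
    """Minimal macro-enabled document with a URL parked in core.xml keywords."""
    core = (b'<?xml version="1.0"?><cp:coreProperties '
            b'xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
            b'xmlns:dc="http://purl.org/dc/elements/1.1/"><dc:title>Report</dc:title>'
            b'<cp:keywords>https://example.invalid/image.jpg</cp:keywords></cp:coreProperties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("word/document.xml", b"<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")  # OLE magic only, placeholder
    return buf.getvalue()


def build_sample_jpeg(trailer: bytes = b"") -> bytes:
    """Minimal JPEG: SOI, APP0, SOS with a stuffed FF00, EOI, then an optional trailer."""
    jpeg = (b"\xff\xd8"
            b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
            b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
            b"\x12\x34\xff\x00\x56"
            b"\xff\xd9")
    return jpeg + trailer


def fake_cert_block(payload: bytes) -> bytes:
    """Wrap arbitrary bytes in PEM certificate armour, the disguise the article describes."""
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(payload) + b"-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    doc = build_sample_docx()
    print("metadata URLs:", find_metadata_urls(doc), "| macros:", has_vba_project(doc))
    stub = b"MZ" + b"\x90" * 62 + b"PE\x00\x00"           # header bytes only, not an executable
    for label, img in (("clean", build_sample_jpeg()), ("suspect", build_sample_jpeg(fake_cert_block(stub)))):
        print(label, inspect_trailer(jpeg_trailing_data(img)))
```

The two checks map onto the two places the campaign hides things: a URL in document properties is readable by a macro, so any URL in docProps/ on a macro-enabled file is worth a closer look, and a JPEG whose trailer decodes to an "MZ" header rather than a DER SEQUENCE is a certificate in name only.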

The Securonix report states that no antivirus was able to detect the malicious code in the picture, so the technique appears to be quite serious.

Augusto Barros, vice president of Securonix, says there are several reasons why this image is being used to deliver malware. One is its large file size: NASA’s official high-resolution images are usually quite heavy, so a large file is less suspicious in that regard. In addition, the image has been shared widely on the internet, so even if an antivirus warns that the image is dangerous, users may ignore the warning because it is an image they already know.

The malicious code injected into the image is peculiar in that it is written in Golang (Go), Google’s open-source programming language. According to the analyst firm, this language is gaining popularity among malware authors because of its cross-platform versatility and because it is harder to reverse engineer than other programming languages.

As usual, the best recommendation we can give to avoid phishing via e-mail is to never download or open attachments from unknown contacts, and to mark such messages as spam.