Hackers use NASA’s famous deep-space image to attack computers

Posted: 12:00 PM, Sat, Sep 3, 2022

A newly discovered hacking campaign is exploiting an image from the James Webb Telescope to infect targets with malware.

New Delhi: Cybersecurity researchers have identified an unusual attack in which hackers use the hugely popular deep-space image taken by NASA’s James Webb Telescope to deliver malware to computers.

In July, James Webb produced the deepest, sharpest infrared image of the distant universe to date, known as the “First Deep Field.”

Now, the Securonix Threat Research team has identified a persistent Golang-based attack campaign with an equally interesting strategy: the deep-field image taken by James Webb is used to carry the payload, and the malware itself is written in obfuscated Golang (Go).

Golang-based malware is gaining popularity with APT hacking groups such as Mustang Panda.

Go is an open source programming language developed in 2007 by Robert Griesemer, Rob Pike and Ken Thompson of Google.

“The initial infection begins with a phishing email containing a Microsoft Office attachment. The document includes a hidden external reference in the document metadata that downloads a malicious template file,” the researchers said.

When the document is opened, the malicious template file is downloaded and saved on the system.

A script run from that template then downloads a JPEG file showing the deep field image from the James Webb Telescope.

“The image file is quite interesting. It runs as a standard jpg image as shown in the image below. However, things get interesting when inspected with a text editor,” the researchers explained.

Decoding the Base64 text hidden in the image produces a 64-bit Windows executable of around 1.7 MB.
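The chain described above leaves two file-level indicators that can be checked offline without opening anything in Office: the document's external template link (Word stores the attached-template reference in word/_rels/settings.xml.rels, and a TargetMode="External" entry there is what makes Word fetch a remote template on open), and an image that still renders normally but carries a long Base64 block that decodes to an executable. The script below is an added example, not Securonix's tooling or anything from the campaign; the document and image it scans are constructed stand-ins built in the code, the URL, file names and function names are placeholders, and the certificate-style wrapping of the Base64 block in the sample image is an assumption about layout, since the article does not give the real file's structure.

```python
import base64
import binascii
import io
import re
import zipfile
from xml.etree import ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")


def remote_template_targets(docx_bytes: bytes) -> list:
    """Return the external attachedTemplate URLs in a .docx, if any.

    Word keeps the attached-template link in word/_rels/settings.xml.rels.
    A relationship of the attachedTemplate type with TargetMode="External"
    makes Word fetch that URL when the document is opened (remote template
    injection); a local template has a file path and no TargetMode.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if "word/_rels/settings.xml.rels" not in zf.namelist():
            return hits
        root = ET.fromstring(zf.read("word/_rels/settings.xml.rels"))
        for rel in root.iter(f"{{{REL_NS}}}Relationship"):
            if (rel.get("Type") == ATTACHED_TEMPLATE
                    and rel.get("TargetMode") == "External"):
                hits.append(rel.get("Target", ""))
    return hits


# Long runs of the Base64 alphabet plus line breaks, as left by a PEM-style
# wrapper. Real JPEG scan data almost never yields 128 such bytes in a row.
B64_RUN = re.compile(rb"[A-Za-z0-9+/=\r\n]{128,}")


def hidden_pe_in_image(img: bytes) -> tuple:
    """Report (found, decoded_size) for a Base64-encoded PE hidden in a JPEG.

    Image viewers stop decoding at the end-of-image marker, so text appended
    after it still leaves a viewable picture. This finds such text and checks
    whether it decodes to something starting with the 'MZ' executable header.
    """
    if not img.startswith(b"\xff\xd8"):       # not a JPEG (SOI marker missing)
        return (False, 0)
    for m in B64_RUN.finditer(img):
        text = m.group(0).replace(b"\r", b"").replace(b"\n", b"")
        try:
            blob = base64.b64decode(text, validate=True)
        except binascii.Error:
            continue  # not a well-formed Base64 block, keep scanning
        if blob.startswith(b"MZ"):
            return (True, len(blob))
    return (False, 0)


# --- constructed samples (not real malware) so the checks run offline ---

def build_sample_docx(target: str, external: bool = True) -> bytes:
    """Minimal zip carrying only the relationship part the detector reads."""
    mode = ' TargetMode="External"' if external else ""
    rels = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
            f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
            f'Type="{ATTACHED_TEMPLATE}" Target="{target}"{mode}/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


def build_sample_image(with_payload: bool = True) -> bytes:
    """Stub JPEG (SOI, filler, EOI) with an optional fake PE appended after
    the EOI marker as a certificate-style Base64 block (assumed layout)."""
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 100 + b"\xff\xd9"
    if not with_payload:
        return jpeg
    fake_pe = b"MZ" + b"\x90" * 298            # 300 bytes, PE-like header only
    b64 = base64.b64encode(fake_pe)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    block = (b"\r\n-----BEGIN CERTIFICATE-----\r\n" + b"\r\n".join(lines)
             + b"\r\n-----END CERTIFICATE-----\r\n")
    return jpeg + block


if __name__ == "__main__":
    doc = build_sample_docx("https://cdn.example.com/template.dotm")
    print("remote templates:", remote_template_targets(doc))
    print("hidden PE:", hidden_pe_in_image(build_sample_image()))
```

Run the two checks over quarantined attachments and any image a suspicious script fetched; a template URL in settings.xml.rels is already worth blocking before the template is ever downloaded, and an image whose trailing text decodes to an MZ header is the payload carrier regardless of how it renders.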

Securonix advised users to avoid downloading unknown attachments from untrusted sources and to configure Microsoft Office products in line with company security recommendations.
