Hackers hide malware in James Webb telescope images

David Perreault « Professional Drummer & Targeted Individual »

Threat analysts have spotted a new malware campaign dubbed ‘GO#WEBBFUSCATOR’ that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware.

The malware is written in Golang, a programming language that is gaining popularity among cybercriminals because it is cross-platform (Windows, Linux, Mac) and offers increased resistance to reverse engineering and analysis.

In the recent campaign discovered by researchers at Securonix, the threat actor drops payloads that are currently not marked as malicious by antivirus engines on the VirusTotal scanning platform.

Infection chain

The infection starts with a phishing email with an attached malicious document, “Geos-Rates.docx”, which downloads a template file.

That file contains an obfuscated VBS macro that auto-executes if macros are enabled in the Office suite. The code then downloads a JPG image (“OxB36F8GEEC634.jpg”) from a remote resource (“xmlschemeformat[.]com”), decodes…
