Threat analysts have spotted a new malware campaign dubbed ‘GO#WEBBFUSCATOR’ that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware.
The malware is written in Golang, a programming language that is gaining popularity among cybercriminals because it is cross-platform (Windows, Linux, Mac) and offers increased resistance to reverse engineering and analysis.
In the recent campaign discovered by researchers at Securonix, the threat actor drops payloads that are currently not marked as malicious by antivirus engines on the VirusTotal scanning platform.
The infection starts with a phishing email with an attached malicious document, “Geos-Rates.docx”, which downloads a template file.
That file contains an obfuscated VBS macro that auto-executes if macros are enabled in the Office suite. The code then downloads a JPG image (“OxB36F8GEEC634.jpg”) from a remote resource (“xmlschemeformat[.]com”), decodes…