A new phishing campaign is taking advantage of interest in the images captured by the James Webb telescope to infect victims with malware, analysts have warned.
A report (opens in new tab) from security firm Securonix found cybercriminals are embedding malware capable of bypassing antivirus filters into an image of the SMACS 0723 galaxy cluster, published by NASA earlier this year.
Although at first the image appears entirely innocuous, inspecting the file in a text editor reveals code designed to trigger the download of a malicious executable.
James Webb telescope images
In July 2022, NASA released the first selection of images captured by the James Webb Space Telescope, detailing the “earliest, rapid phases of star formation” for the first time. The spectacular full-color images spread like wildfire over social media platforms.
However, as with any trend or event that captures the public imagination, the demand for more telescope images has created an opening for cybercriminals.
In this instance, the threat actor distributes a phishing email containing a Microsoft Office attachment. Once downloaded, the attachment triggers a chain reaction that ultimately results in the malicious image making its way onto the victim’s device.
The malware itself, coded in Golang in order to complicate analysis, is said to be capable of exfiltrating sensitive data and handing control of the infected machine to the operator.
To shield against scams of this kind, web users are advised never to download attachments from unsolicited emails and to interrogate messages for errors of spelling or grammar that might betray a scam.
Separately, although the malware strain in question is reportedly able to bypass security measures, devices should nonetheless be protected with leading antivirus and ransomware protection software, which will reduce the overall risk of an infection.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba