"Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope"

The deep field image taken by NASA's James Webb Space Telescope (JWST) has been used as a lure by a persistent Golang-based malware campaign called "GO#WEBBFUSCATOR" to deploy malicious payloads on infected systems. According to Securonix, the development indicates that threat actors are increasingly adopting Go because of the programming language's cross-platform support, which effectively enables the operators to leverage a common codebase to target different operating systems. In addition, compared with malware written in other languages such as C++ or C#, Go binaries make analysis and reverse engineering more difficult and prolong analysis and detection attempts. The attack chain starts with phishing emails carrying a Microsoft Office attachment; when the attachment is opened, it retrieves an obfuscated VBA macro that is then auto-executed if the recipient has macros enabled. When the macro is run, it downloads an image file named "OxB36F8GEEC634.jpg", which appears to be an image of the First Deep Field captured by JWST but, when examined with a text editor, is actually a Base64-encoded payload. This article continues to discuss the use of images taken by NASA's JWST to hide malware.
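
As an added example (not from the article or from Securonix), a defender-side triage check for the kind of lure described above: it flags a file that carries long Base64 runs regardless of its .jpg name or JPEG header, and labels what the decoded bytes start with. The 200-character threshold, the magic-byte table and the sample bytes are constructed assumptions.

```python
import base64
import re

# Runs of 200+ Base64 characters (line breaks allowed). The threshold is an
# assumption; embedded thumbnails or XMP metadata can also trigger it.
B64_RUN = re.compile(rb"[A-Za-z0-9+/\r\n]{200,}={0,2}")

# Illustrative subset of executable/archive magics checked after decoding.
MAGICS = {b"MZ": "windows-pe", b"\x7fELF": "elf", b"PK\x03\x04": "zip"}


def classify(decoded: bytes) -> str:
    """Label decoded bytes by their leading magic, or 'unknown'."""
    for magic, label in MAGICS.items():
        if decoded.startswith(magic):
            return label
    return "unknown"


def scan_image(data: bytes) -> dict:
    """Report whether data starts like a JPEG and list embedded Base64 runs."""
    findings = []
    for match in B64_RUN.finditer(data):
        text = re.sub(rb"[\r\n=]", b"", match.group())
        text = text[: len(text) - len(text) % 4]  # keep whole 4-char groups
        if len(text) < 200:
            continue  # mostly line breaks, not a real Base64 run
        decoded = base64.b64decode(text)
        findings.append({
            "offset": match.start(),
            "encoded_length": len(text),
            "decoded_type": classify(decoded),
        })
    return {"jpeg_magic": data.startswith(b"\xff\xd8\xff"), "findings": findings}


# Constructed sample data: a minimal JPEG-looking header, then a wrapped
# Base64 blob whose decoded bytes begin with "MZ".
SAMPLE_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\xff\x00" * 16 + b"\xff\xd9"
SAMPLE_BLOB = base64.encodebytes(b"MZ" + bytes(range(256)) * 2)
SAMPLE_LURE = SAMPLE_HEADER + SAMPLE_BLOB

if __name__ == "__main__":
    for name, sample in [("lure", SAMPLE_LURE), ("text-only", SAMPLE_BLOB), ("clean", SAMPLE_HEADER)]:
        print(name, scan_image(sample))
```

A hit is a triage signal for a closer look at the file and at the process that downloaded it, not a verdict on its own.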

THN reports "Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope"

Submitted by Anonymous on