You will also be interested
[EN VIDÉO] The first images from the James Webb Space Telescope Discover the first images sent by NASA of the JWST, the space telescope with unparalleled performance.
At this moment, the Pictures spectacularuniverse taken by the telescope spatial James Webb attract attention and cybercriminals have understood this. This is how they developed a phishing campaign using the photos of the telescope as a vector. This is what the experts of the cybersecurity company Securonix identified and christened Go#Webbfuscator.
“Go”, because the code implanted in the image is written in Golang. It is a popular programming language among hackers because it has the advantage of being difficult to identify and it works on almost all systems. The victim will receive an email that includes an attachment a .Word document called Geos-Rate.docx.
Malware hides in the image
Once the document is opened with the text editor and if the automatic execution of macros is activated in Word, the malicious code is repatriated while displaying in the document the magnificent photo of the galaxies Smacs 0723 published last July. From that moment, the malware is connected to its encrypted server.
This maneuver would then only be a first step for the pirates. The rest remains unclear and experts do not know what the final objective of these attacks is. It must be said that the campaign targeted victims in different countries and that the payloads were not always the same.
As always, the presence of a Word file as an attachment accompanying an email urging you to open it should inspire the greatest suspicion. Likewise, while Microsoft blocked by default the execution of macros for downloaded files, their automatic activation by the user remains a very bad idea.
Interested in what you just read?