Taking advantage of the craze for NASA’s spectacular shots, malicious hackers launched a phishing campaign by embedding malware in a photo taken by the James Webb telescope.


Every time NASA (the US National Aeronautics and Space Administration) unveils new photos taken by the James Webb telescope – a gigantic space observation instrument located more than 1.5 million kilometers from Earth – the internet goes wild. Everyone rushes to see these spectacular, highly detailed shots, which reveal previously unseen events in space by capturing information invisible to the naked eye, far away in the galaxy and far back in time. Internet users look to download them as desktop or mobile wallpapers (see our fact sheet). But this craze has not escaped hackers, who have decided to use these images to slip past our vigilance and infect devices…

James Webb pictures: malware hidden in JPG files

Cybersecurity experts from Securonix investigated and uncovered a phishing campaign that aims to install malware on the computer, capable of remotely monitoring and spying on the victim’s activity. The company detailed the infection chain in a report from Monday August 30. Named GO#WEBBFUSCATOR, this scam starts with a very ordinary phishing email, which encourages the victim to open the attachment to discover a photo captured by the James Webb telescope. The photo shows the galaxy cluster SMACS 0723, described by NASA as “the deepest and sharpest infrared image of the distant universe to date”. The attachment is actually a Word file called Geos-Rates.docx, which contains code written in the Golang programming language. This language is very popular with hackers because it is difficult to detect and works on almost all systems.


Once the document has been downloaded, the malicious Visual Basic script is downloaded in turn. If macros – a programming feature that bundles a series of commands into a single shortcut – are enabled, the Word file does display the famous photo, but it also runs a program (msdlupdate.exe). This program is designed to receive orders from, and communicate with, the hacker’s encrypted server. The hacker can therefore spy on the device and recover data from it – type of operating system, kernel version, installed apps – as well as take control of it. Of course, everything is camouflaged so that the operations are undetectable. This is why it cannot be repeated often enough: never open attachments and never click on links in an email or SMS from a stranger!
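A defender-side check for the trick described above (a payload riding inside an otherwise viewable JPG), added here as an example and not taken from the Securonix report: it walks the JPEG segment structure to the real end-of-image marker and returns any bytes stored after it. That the payload sits after the image data is an assumption, since the article does not say where in the file it is kept; the function names and the sample bytes are constructed for illustration.

```python
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-7 carry no length field

def _skip_scan(data: bytes, i: int) -> int:
    """Skip compressed data after an SOS header; return offset of the next marker."""
    while True:
        i = data.find(b"\xff", i)
        if i < 0 or i + 1 >= len(data):
            raise ValueError("scan data runs past end of file")
        nxt = data[i + 1]
        if nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
            return i                      # a real marker, not stuffing/restart/fill
        i += 1 if nxt == 0xFF else 2

def jpeg_end_offset(data: bytes) -> int:
    """Walk the segments from SOI and return the offset just past the real EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:                # fill byte before a marker
            i += 1
            continue
        i += 2
        if marker == 0xD9:                # EOI: the image ends here
            return i
        if marker in STANDALONE:
            continue
        length = int.from_bytes(data[i:i + 2], "big")  # includes its own 2 bytes
        if length < 2 or i + length > len(data):
            raise ValueError(f"bad segment length at offset {i}")
        i += length                       # skips thumbnails that contain FF D9
        if marker == 0xDA:                # SOS: compressed data follows the header
            i = _skip_scan(data, i)
    raise ValueError("no EOI marker found")

def suspicious_tail(data: bytes) -> bytes:
    """Return bytes after EOI, or b'' if the tail is only NUL/whitespace padding."""
    tail = data[jpeg_end_offset(data):]
    return tail if tail.strip(b"\x00 \t\r\n") else b""

# Constructed sample: structurally valid JPEG skeleton, not a decodable picture.
def seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

CLEAN = (b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00thumb\xff\xd9") + seg(0xDA, bytes(6))
         + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
BLOB = b"\n-----constructed appended blob-----\n"
TAINTED = CLEAN + BLOB
```

Searching for the first `FF D9` instead of walking the segments would stop inside the embedded thumbnail of the sample and flag a clean image, which is why the check follows segment lengths.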
