
Hackers are hiding a nasty secret in James Webb telescope images

Space images from the James Webb telescope are being used by hackers to hide and distribute malware.

As reported by Bleeping Computer, a new malware campaign dubbed ‘GO#WEBBFUSCATOR’ has been uncovered; beyond the telescope imagery, it also relies on phishing emails and malicious documents.


The campaign starts with a phishing email carrying a document named “Geos-Rates.docx”; victims who open it unknowingly download a template file.

If macros are enabled in the target system’s Office suite, that template auto-executes a VBS macro. The macro downloads a JPG image from a remote server, decodes it into an executable, and finally loads that executable onto the machine.

Opened in an image viewer, the file shows the galaxy cluster SMACS 0723 as captured by the recently launched James Webb telescope. Opened in a text editor, however, the same file reveals the payload hidden inside the image, which is decoded into a 64-bit malware executable.
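A check a defender could run on image attachments of the kind described above, added here as an example and not code from Securonix, Bleeping Computer, or the campaign itself: it takes the bytes after a JPEG's End-Of-Image marker (which viewers ignore but a text editor shows) and reports whether that trailer looks like an executable. The Base64 encoding and the PE `MZ` check are assumptions for illustration, and the sample JPEG and payload are constructed.

```python
import base64
import binascii
import re

JPEG_SOI = b"\xff\xd8"  # Start Of Image
JPEG_EOI = b"\xff\xd9"  # End Of Image; image viewers stop reading here
# A run of Base64 alphabet (line breaks allowed) long enough to be a candidate payload.
B64_RUN = re.compile(rb"[A-Za-z0-9+/=\r\n]{64,}")


def jpeg_trailer(data: bytes) -> bytes:
    """Bytes after the last EOI marker: invisible to an image viewer, visible in a text editor.
    Caveat: Base64 text never contains 0xFF, but a binary trailer that itself contains FF D9
    would be reported shorter than it really is."""
    if not data.startswith(JPEG_SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    eoi = data.rfind(JPEG_EOI)
    if eoi < 0:
        raise ValueError("not a JPEG: missing EOI marker")
    return data[eoi + len(JPEG_EOI):]


def classify_trailer(data: bytes) -> tuple:
    """Return (verdict, trailer_length). Assumption for illustration: an appended payload is
    either a raw PE file or Base64 text that decodes to one (PE files start with b'MZ')."""
    trailer = jpeg_trailer(data)
    if not trailer:
        return ("clean", 0)
    if trailer.startswith(b"MZ"):
        return ("raw_pe_trailer", len(trailer))
    match = B64_RUN.search(trailer)
    if not match:
        return ("unknown_trailer", len(trailer))
    try:
        decoded = base64.b64decode(match.group(0), validate=False)
    except binascii.Error:  # looked like Base64 but does not decode
        decoded = b""
    verdict = "base64_pe_trailer" if decoded.startswith(b"MZ") else "base64_trailer"
    return (verdict, len(trailer))


def sample_clean() -> bytes:
    # Constructed sample: SOI, one JFIF APP0 segment, EOI. Not a viewable picture.
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return JPEG_SOI + app0 + JPEG_EOI


def sample_with_payload() -> bytes:
    fake_pe = b"MZ" + b"\x90" * 100  # constructed stand-in for a PE header, not a real binary
    return sample_clean() + base64.b64encode(fake_pe)
```

Any non-empty trailer on an image that arrived by email is worth a closer look, whatever the verdict; the Base64 and `MZ` checks only rank the obvious cases first.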

Once launched, the malware establishes a DNS connection to its command-and-control (C2) server, through which the hackers can execute commands via the Windows cmd.exe tool.

To help avoid detection, the threat actors XOR-encoded the binary to conceal its Golang (a programming language) assemblies from analysts. Those assemblies also use case alteration so that they are not picked up by security tools.

As for Golang, Bleeping Computer highlights how it’s becoming increasingly popular for cybercriminals due to its cross-platform (Windows, Linux, and Mac) capabilities. And as evidenced above, it’s harder to detect.

Researchers from Securonix have found that domains used for the malware campaign were registered as recently as May 29, 2022. The payloads in question have yet to be flagged as malicious by antivirus scanning systems via VirusTotal.

It’s been a busy year for hackers looking to deliver malware. In addition to the regular tried-and-tested methods of spreading malicious files, they are even delaying the execution of their malicious code by up to a month after it has found its way onto a PC.

Fake DDoS pages, meanwhile, are being incorporated on WordPress sites in order to spread malware as well.
