James Webb’s images are impressive, but beware of malware

September 6, 2022

Hackers use any media topic to spread malware, even the most unexpected ones, like the images NASA is releasing from the James Webb Telescope. As in most of these campaigns, it is all part of a phishing attack, one we should be aware of but which continues to be highly profitable for cybercriminals.

The first published photograph taken by James Webb was “the sharpest infrared image of the distant universe in the history of astronomy”. One of the telescope’s big goals is to study the first stars and galaxies that formed in the early universe after the Big Bang, and in this spectacular capture we can see the galaxy cluster SMACS 0723 as it appeared 4.6 billion years ago.

But today we are not here to talk about deep space but about cyber security, because this image is being used (like others with high media impact) to infect computers. Detected by Securonix and named GO#WEBBFUSCATOR, the campaign stands out not only for its chosen lure, but also for the language it was developed in and its ability to evade antivirus detection.

The attack starts with an email containing a Microsoft Office attachment. Hidden in the document’s metadata is a URL that downloads a script file, which runs if Word macros are enabled (macros are still very dangerous).

That script in turn downloads a copy of James Webb’s First Deep Field image containing malicious code masquerading as a certificate. In its report on the campaign, Securonix explains that few antivirus engines detected the malicious code in the image, for several reasons. One is that the high-resolution images NASA has released are large files, so their size alone raises no suspicion. Additionally, even if an anti-malware program flags the file, reviewers may dismiss the alert because the image has been widely shared online in recent months.
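As an added defender’s example (not from the article or from the Securonix report), here is a small Python check for the kind of hiding described above: it looks for PEM-style “certificate” blocks appended after a JPEG’s end-of-image marker and classifies what the Base64 actually decodes to. The appended-after-EOI layout, the sample bytes and the function names are assumptions constructed for this example.

```python
import base64
import binascii
import re

# Constructed sample image: JPEG SOI, a dummy APP0 segment, EOI, then a
# PEM-style "certificate" appended after the end-of-image marker.  Appending
# after EOI is an assumption for this example; the article only says the
# payload was hidden in the image masquerading as a certificate.
JPEG_SOI, JPEG_EOI = b"\xff\xd8", b"\xff\xd9"
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

CLEAN_IMAGE = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 10 + JPEG_EOI
_fake_payload = b"MZ" + b"\x90" * 64 + b"constructed-not-a-real-binary"
SAMPLE_IMAGE = CLEAN_IMAGE + (
    b"\n-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(_fake_payload)
    + b"-----END CERTIFICATE-----\n"
)


def trailing_data(blob: bytes) -> bytes:
    """Bytes after the last JPEG end-of-image marker (empty if not a JPEG or no trailer)."""
    idx = blob.rfind(JPEG_EOI)
    if not blob.startswith(JPEG_SOI) or idx < 0:
        return b""
    return blob[idx + len(JPEG_EOI):]


def classify(decoded: bytes) -> str:
    """A genuine certificate body is DER and starts with an ASN.1 SEQUENCE (0x30)."""
    if decoded.startswith(b"MZ"):
        return "pe-executable"  # Windows PE header, not a certificate
    if decoded[:1] == b"\x30":
        return "der"  # plausible certificate; still odd to find after image data
    return "unknown-binary"


def scan_image(blob: bytes) -> list:
    """Report every PEM-looking block hidden after the image data."""
    findings = []
    for m in PEM_RE.finditer(trailing_data(blob)):
        label, body = m.group(1).decode(), re.sub(rb"\s+", b"", m.group(2))
        try:
            decoded = base64.b64decode(body, validate=True)
        except binascii.Error:
            findings.append({"label": label, "kind": "invalid-base64", "size": 0})
            continue
        findings.append({"label": label, "kind": classify(decoded), "size": len(decoded)})
    return findings
```

Run it over a directory of downloaded images to surface files whose trailer decodes to an executable rather than to DER; a clean image returns an empty list.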

Another interesting aspect of this malware is that its code is written in Golang. Google’s open-source programming language has gained widespread popularity because of its flexible cross-platform support, and malware written in it is more difficult to analyze and reverse engineer than malware based on other programming languages.

Beware of phishing

Phishing is the second most significant type of cyberattack (after ransomware) and the longest running. These attacks have been around for as long as anyone can remember and remain as enormously profitable today as they were yesterday. Yes, although it may seem unbelievable to experienced users, we continue to fall into the traps set by criminals. Sometimes they come in well-prepared campaigns like the one discussed here; other times they are quite absurd attacks.

Beware of malware in James Webb's images

In all cases, we must apply caution and common sense, because the phishing threat is obvious. The good news is that the vast majority of attacks are detectable if you pay due attention to some general advice such as:

  • Do not open e-mails from unknown senders or e-mails you did not request; delete them directly.
  • Do not download attachments from these types of messages, even from people you know. They will likely contain a banking Trojan.
  • Be wary of any email that redirects you to other websites.
  • Use common sense with promotions that “give away” anything. Always be mistrustful.
  • No company will request your details by email.
  • This applies especially to financial companies. They will never ask you for sensitive data.
  • Always enter through the official URL, protected and secured by HTTPS. Make sure the site has the appropriate certificate.
  • Take extra care with shortened URLs; they are a common mechanism used by scammers to disguise malicious links.
  • If you receive a message from your bank and are in doubt, seek help through their official website or physical office.
  • Be suspicious of messages with grammatical errors; they are the product of automatic translations and are all false.
  • Never share your passwords with anyone through any internet medium.
  • If you are using a mobile app, always download it from the official website.
  • Consider using a browser extension such as Password Alert.
  • Increase your overall security: strong passwords, updated software, browsing only trusted sites…

Source: Muy Computer
