A new phishing campaign is taking advantage of interest in the images captured by the James Webb telescope to infect victims with malware, analysts have warned.
A report (opens in new tab) from security firm Securonix found cybercriminals are embedding malware capable of bypassing antivirus filters into an image of the SMACS 0723 galaxy cluster, published by NASA earlier this year.
Although at first the image appears entirely innocuous, inspecting the file in a text editor reveals code designed to trigger the download of a malicious executable.
James Webb telescope images
In July 2022, NASA released the first selection of images captured by the James Webb Space Telescope, detailing the “earliest, rapid phases of star formation” for the first time. The spectacular full-color images spread like wildfire over social media platforms.
However, as with any trend or event that captures the public imagination, the demand for more telescope images has created an opening for cybercriminals.
In this instance, the threat actor distributes a phishing email containing a Microsoft Office attachment. Once downloaded, the attachment triggers a chain reaction that ultimately results in the malicious image making its way onto the victim’s device.
The malware itself, coded in Golang in order to complicate analysis, is said to be capable of exfiltrating sensitive data and handing control of the infected machine to the operator.
To shield against scams of this kind, web users are advised never to download attachments from unsolicited emails and to interrogate messages for errors of spelling or grammar that might betray a scam.
Separately, although the malware strain in question is reportedly able to bypass security measures, devices should nonetheless be protected with leading antivirus and ransomware protection software, which will reduce the overall risk of an infection.