Hackers are using the James Webb Telescope's first image to push malware

One of the first images taken by Nasa’s James Webb Telescope is being used by hackers in a phishing scam.

A security analytics platform, Securonix, uncovered the new computer security threat that uses the James Webb Space Telescope‘s first public image to spread malware.

The attack called ‘GO#WEBBFUSCATOR’ reportedly starts with a phishing email containing a Microsoft Office attachment.

If a receiver opens the attachment, a URL within the document’s metadata downloads a file with a script, which runs if certain Word macros are enabled.

This, in turn, downloads a copy of Webb’s First Deep Field photo, containing malicious code masquerading as a certificate.

The malicious code in the image is apparently non-detectable by anti-virus programs.

It’s here–the deepest, sharpest infrared view of the universe to date: Webb’s First Deep Field.

Previewed by @POTUS on July 11, it shows galaxies once invisible to us. The full set of @NASAWebb’s first full-color images & data will be revealed July 12: https://t.co/63zxpNDi4I pic.twitter.com/zAr7YoFZ8C

In July, Nasa released the much-awaited debut picture from its £8.4 billion James Webb Space Telescope.

One of the reasons why the hackers chose the James Webb images could be because the high-resolution images Nasa had released come in massive file sizes, thus evading suspicion.

Securonix’s VP Augusto Barros told Popular Science that even if an anti-malware program flags it, reviewers might pass it over since it’s been widely shared online over the past couple of months.

The malware campaign also uses uses Golang, Google’s open-source programming language, a trend that is becoming popular according to Securonix.

This is because, unlike malware based on other programming languages, they have flexible cross-platform support and are more difficult to analyze and reverse engineer.

The best way to protect yourself from this attack would be to avoid downloading attachments from unfamiliar sources.

Source: Read Full Article