The James Webb telescope has recently become so popular that attackers have decided to exploit it.
They took one of the first images released by the observatory and embedded it in a piece of malware they called GO#WEBBFUSCATOR.
James Webb Telescope Malware Attack
They hid malicious code in a James Webb image.
The attackers use the First Deep Field shot. The attack starts with a phishing email carrying a Microsoft Office attachment. The document's metadata hides the URL used to download a file with a script, which runs when certain Word macros are enabled. A copy of the same telescope photo (First Deep Field) is then downloaded, and it contains malicious code disguised as a certificate.
At the time Securonix detected the malware, no antivirus program could detect the malicious code in the image. Another interesting detail is that the code itself is written in Golang, Google's open-source language.
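A defender can check downloaded images for the certificate disguise described above. The following is an added example, not code from the original article or from Securonix. It assumes the image is a JPEG and that the fake certificate uses standard PEM `BEGIN CERTIFICATE` armor around Base64 data; the sample inputs are constructed.

```python
import base64
import binascii
import re

# Assumption: the "certificate" disguise uses standard PEM armor lines.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def classify_body(body: bytes) -> str:
    """Decode the Base64 body and report what the bytes actually look like."""
    try:
        raw = base64.b64decode(b"".join(body.split()), validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    if raw[:2] == b"MZ":
        return "pe-executable"
    if raw[:4] == b"\x7fELF":
        return "elf-executable"
    if raw[:1] == b"\x30":  # a DER certificate begins with a SEQUENCE tag
        return "der-like"
    return "unknown-binary"

def scan_image(data: bytes) -> list:
    """Return one finding per PEM-style block found inside JPEG bytes."""
    if not data.startswith(b"\xff\xd8"):  # JPEG start-of-image marker
        return []
    findings = []
    for m in PEM_RE.finditer(data):
        kind = classify_body(m.group(1))
        findings.append({
            "offset": m.start(),
            "kind": kind,
            # Any certificate block in a photo is odd; a non-DER body is worse.
            "severity": "medium" if kind == "der-like" else "high",
        })
    return findings

def make_sample(payload: bytes) -> bytes:
    """Constructed input: a tiny JPEG-shaped blob with a PEM block appended."""
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(payload)
           + b"-----END CERTIFICATE-----\n")
    return jpeg + pem

if __name__ == "__main__":
    for name, payload in [("fake-cert", b"MZ" + b"\x90" * 60),
                          ("der-like", b"\x30\x82\x01\x0a" + b"\x00" * 60)]:
        print(name, scan_image(make_sample(payload)))
```

A "high" finding means the block decodes to something other than DER, which is the case worth escalating for analysis.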