Beautiful images captured James Webb telescope they revolutionize science, but also used in online fraud. A new malware unidentified by the antivirus uses one of the images released by NASA in July.
The situation was reported by computer security company Securonix. According to the information obtained, the fraud in question uses phishing techniques to distribute a virus and infect the computers of people who are interested in the subject.
The strategy starts with malicious emails containing infected Office files: as soon as the document is opened, the download and an image begin. When opening the file, the user is confronted with a photo of the galaxy cluster SMACS 0723, published on July 11, 2022.
The beautiful photo of the domain downloaded by the malicious file also hides a threat: a cross-platform virus based on Golang, a programming language created by Google that is becoming increasingly popular among cybercriminals.
After the image is opened on a Windows computer, a standard 64-bit program called “msdllupdate.exe” appears on the computer, bringing the real security threat to the user. The malicious solution relies on logs that allow the software to open when the system boots up and manage to communicate remotely with external servers.
how do you protect yourself
According to Securonix, the scam identified as GO#WEBBFUSCATOR will only execute if the user has macros enabled in Office. Also, since the program is distributed via phishing, the email filters themselves can identify the malicious message.
Anyway, the tip is to be careful when opening messages from unknown sources and downloading suspicious-looking files. If you are interested in the photos taken by James Webb, you can find them for download by following this guide.
Source: Tec Mundo