Hackers hide malware in James Webb telescope images (Security News, August 2022)

Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware.
The malware is written in Golang, a programming language that is gaining popularity among cybercriminals because it is cross-platform and offers increased resistance to reverse engineering and analysis.
The payload's strings are further obfuscated using ROT25, while the binary uses XOR to hide the Golang assemblies from analysts.
Based on what could be deduced via dynamic malware analysis, the executable achieves persistence by copying itself to '%%localappdata%%microsoftvault' and adding a new registry key.
Upon execution, the malware communicates with its command-and-control (C2) server over DNS, sending encrypted queries.
The C2 may respond by setting the interval between connection requests, changing the nslookup timeout, or sending commands to be executed through the Windows command prompt (cmd).
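The DNS-based C2 channel described above is the part of this campaign a defender can look for in their own logs. The following is an added example (not code from the article or from the malware analysis): a small triage script that scans constructed DNS query log lines for names whose leftmost label is long and high-entropy, the shape an encoded C2 query tends to have. The log format, the thresholds and the `c2-placeholder.invalid` domain are all assumptions for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log lines (assumed "timestamp client qname qtype" format).
SAMPLE_DNS_LOG = """\
2022-08-30T10:00:01Z 10.0.0.5 www.example.com A
2022-08-30T10:00:02Z 10.0.0.5 cdn.static.example.org A
2022-08-30T10:00:03Z 10.0.0.7 kq7xw2mzp9vb4tn8ycgh3jdlr6sfa5eu.c2-placeholder.invalid TXT
2022-08-30T10:00:04Z 10.0.0.7 zm3pq8vk2xw7tn9byg4hc5jdlr6sfa1eu.c2-placeholder.invalid TXT
2022-08-30T10:00:05Z 10.0.0.7 r6sfa5eukq7xw2mzp9vb4tn8ycgh3jdl.c2-placeholder.invalid TXT
2022-08-30T10:00:06Z 10.0.0.9 mail.example.net MX
"""

MIN_LABEL_LEN = 20   # assumed threshold: encoded payload labels tend to be long
MIN_ENTROPY = 3.5    # assumed threshold: bits per character of the leftmost label


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; 0.0 for an empty string."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def registrable_domain(qname: str) -> str:
    """Crude last-two-labels approximation (no public-suffix list)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def is_suspicious_qname(qname: str) -> bool:
    """Flag names whose leftmost label looks like an encoded blob."""
    label = qname.split(".")[0]
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY


def triage(log_text: str) -> dict:
    """Return {(client, domain): count} for clients issuing suspicious queries."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than fail on them
        _ts, client, qname, _qtype = parts
        if is_suspicious_qname(qname):
            hits[(client, registrable_domain(qname))] += 1
    return dict(hits)


if __name__ == "__main__":
    for (client, domain), n in triage(SAMPLE_DNS_LOG).items():
        print(f"{client} -> {domain}: {n} suspicious queries")
```

Repeated hits from one client to one domain are the signal worth pivoting on; a single long label (CDN tokens, DKIM lookups) is common enough that the per-query flag alone will be noisy.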
News URL
https://www.bleepingcomputer.com/news/security/hackers-hide-malware-in-james-webb-telescope-images/