Security News > 2022 > August > Hackers hide malware in James Webb telescope images
Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware.
The malware is written in Golang, a programming language that is gaining popularity among cybercriminals because it is cross-platform and offers increased resistance to reverse engineering and analysis.
The payload's strings are further obfuscated using ROT25, while the binary uses XOR to hide the Golang assemblies from analysts.
Based on what could be deduced via dynamic malware analysis, the executable achieves persistence by copying itself to '%%localappdata%%microsoftvault' and adding a new registry key.
Upon execution, the malware establishes a DNS connection to the command and control server and sends encrypted queries.
The C2 may respond to the malware by setting time intervals between connection requests, changing the nslookup timeout, or sending out commands to execute through the Windows cmd.
News URL
https://www.bleepingcomputer.com/news/security/hackers-hide-malware-in-james-webb-telescope-images/
Related news
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)