Oh no, that James Webb Space Telescope snap might actually contain malware
2022-09-01 07:04

Scumbags are using a photo from the James Webb Space Telescope to smuggle Windows malware onto victims' computers - albeit in a roundabout way.

The malware "incorporates an equally interesting strategy by leveraging the infamous deep field image taken from the James Webb telescope and obfuscated Golang programming language payloads to infect the target system," Securonix's D. Iuzvyk, T. Peck, and O. Kolesnikov wrote in a report this week.

This cybercrime campaign is notable not only for the use of the telescope image but also for using Go, which is becoming increasingly popular among miscreants, such as China-linked Mustang Panda, to create binaries that hamper detection and analysis.

There also are malware frameworks such as ColdFire and OffensiveGolang that can be used to create malware and executables from Go source.

CrowdStrike said in a report late last year that there was an 80 percent increase in malware samples written in Go from June to August 2021.

The executed malware "was observed making unique DNS connections," the researchers wrote.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/01/webb_telescrope_malware/