
Webb Telescope Image Being Used To Distribute Malware 

Cybersecurity experts have reported a new attack that uses the “deepest image of space” created by a space telescope.

Researchers at Securonix, an information security company, have described a new strategy for distributing malicious software.

Attackers use phishing emails that lure victims with the latest NASA JWST images. The scam message contains a Microsoft Office attachment that, when opened, loads an obfuscated VBA macro, which runs automatically if the recipient allows macros.

The result is a downloaded file that at first glance looks like the JWST deep-sky image but is actually a Base64-encoded payload. The macro then uses certutil.exe to decode the downloaded file into a 1.7 MB executable and then executes it.

During dynamic analysis, the researchers found that the malware establishes persistence after launch and communicates with a C2 server. Securonix has published a set of indicators of compromise (IoCs) on its pages, including network and host indicators as well as YARA detection rules.
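A defender-side check for the disguised download described above, as an added example that is not from Securonix or the original article: it reports whether a supposed image starts with real image magic bytes and whether it carries line-wrapped Base64 that decodes to an executable header. The function names and sample bytes are constructed for illustration, and the check assumes the payload is a Windows PE file (first bytes `MZ`).

```python
import base64
import re

# Magic bytes that open genuine JPEG, PNG and GIF files.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")

# At least 64 Base64 characters, tolerating the line breaks that
# Base64 encoders insert, plus an optional padded final group.
B64_RUN = re.compile(
    rb"(?:[A-Za-z0-9+/]{4}[\r\n]*){16,}"
    rb"(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"
)


def find_embedded_pe(data: bytes) -> list:
    """Return offsets of Base64 runs whose decoded bytes start with 'MZ'."""
    hits = []
    for match in B64_RUN.finditer(data):
        run = re.sub(rb"[\r\n]", b"", match.group(0))
        head = base64.b64decode(run[:64])  # 64 characters -> 48 bytes
        if head.startswith(b"MZ"):         # assumption: payload is a Windows PE
            hits.append(match.start())
    return hits


def inspect_download(data: bytes) -> dict:
    """Summarise the two signals a triage script would alert on."""
    return {
        "image_magic": data.startswith(IMAGE_MAGIC),
        "pe_offsets": find_embedded_pe(data),
    }


# Constructed samples (not real malware or real images).
FAKE_IMAGE = base64.encodebytes(b"MZ" + bytes(126))   # Base64 text named like a .jpg
PLAIN_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 512      # JPEG header, no payload
APPENDED = PLAIN_JPEG + b"\n" + FAKE_IMAGE            # payload after image data
BENIGN_B64 = base64.encodebytes(b"A" * 128)           # Base64 that is not a PE

if __name__ == "__main__":
    for name, blob in [("fake", FAKE_IMAGE), ("jpeg", PLAIN_JPEG),
                       ("appended", APPENDED), ("benign", BENIGN_B64)]:
        print(name, inspect_download(blob))
```

A file that fails the magic-byte test or returns any offset deserves a closer look; this check does not replace the published IoCs and YARA rules.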
