The attackers open the campaign with a phishing email carrying a Microsoft Office attachment, Engadget reports. The document's metadata contains a URL that fetches a script, which runs if Microsoft Word macros are enabled. That script in turn downloads a copy of the James Webb Space Telescope photo (shown above) with malicious code embedded in it.
Once it is on a computer, the malware will run various tests to find any weaknesses in a target computer that can be exploited, Popular Science explains. At the time of publication, all antivirus software was able to spot the malware.
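Two triage checks for the delivery chain described above, added here as an example (this is not the article's code and not Securonix's): one unpacks a Word document and lists relationship entries that point at an external URL, which is how a remote template gets fetched the moment the file is opened; the other walks a JPEG's segment structure and returns any bytes appended after the end-of-image marker. The .docx and JPEG inputs are constructed in memory, and the URLs in them are placeholders. Appending data after EOI is only one way to hide a payload in an image; the article does not say how the Webb picture was weaponized, so that part is an assumption.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"


def external_relationships(docx_bytes):
    """Every relationship in a .docx whose target is an http(s) URL.

    A .docx is a zip; each part's links live in a *.rels file. A relationship
    with TargetMode="External" is what makes Word pull a remote template (or
    another remote object) when the document is opened."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(RELS_NS + "Relationship"):
                target = rel.get("Target", "")
                if (rel.get("TargetMode") == "External"
                        and target.lower().startswith(("http://", "https://"))):
                    found.append({"part": name,
                                  "type": rel.get("Type", "").rsplit("/", 1)[-1],
                                  "target": target})
    return found


def remote_template_targets(docx_bytes):
    """Drop ordinary hyperlinks (the user has to click those); what remains
    (attachedTemplate, oleObject, frame, ...) is fetched automatically."""
    return [r for r in external_relationships(docx_bytes) if r["type"] != "hyperlink"]


def jpeg_trailing_data(data):
    """Walk the JPEG marker segments and return whatever follows EOI (0xFFD9).
    A clean file returns b''. Only structure is parsed, nothing is decoded."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        while pos < len(data) and data[pos] == 0xFF:   # skip 0xFF fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == 0xD9:                              # EOI: image ends here
            return data[pos:]
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            continue                                    # stand-alone markers carry no length
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        pos += int.from_bytes(data[pos:pos + 2], "big")  # length field includes itself
        if marker == 0xDA:                              # SOS: skip entropy-coded data
            while pos + 1 < len(data):                  # 0xFF00 is byte stuffing, 0xFFD0-D7 are restarts
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def build_sample_docx(template_url=""):
    """Constructed minimal .docx: only the .rels parts are realistic (assumption:
    that is all a relationship scanner needs). With template_url set,
    word/_rels/settings.xml.rels carries an external attachedTemplate entry."""
    header = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
              '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">')
    settings_rels = header
    if template_url:
        settings_rels += (f'<Relationship Id="rId1" Type="{OFFICE_REL}attachedTemplate" '
                          f'Target="{template_url}" TargetMode="External"/>')
    settings_rels += "</Relationships>"
    # A plain hyperlink is also External; the filter must not flag it.
    document_rels = (header + f'<Relationship Id="rId1" Type="{OFFICE_REL}hyperlink" '
                     'Target="https://example.com/" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/settings.xml", "<w:settings/>")
        zf.writestr("word/_rels/document.xml.rels", document_rels)
        zf.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()


# Constructed JPEG skeleton (SOI, APP0, SOS header, a little scan data, EOI); not decodable.
APPENDED_PAYLOAD = b"MZ\x90\x00 constructed-appended-payload"    # constructed, not a real binary
CLEAN_JPEG = (b"\xff\xd8"
              b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"   # APP0, length 16
              b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"                       # SOS header, length 8
              b"\x12\x34\xff\x00\x56"                                           # scan data with stuffed 0xFF00
              b"\xff\xd9")                                                      # EOI
STEGO_JPEG = CLEAN_JPEG + APPENDED_PAYLOAD

if __name__ == "__main__":
    for r in remote_template_targets(build_sample_docx("http://example.invalid/webb.dotm")):
        print("external %(type)s in %(part)s -> %(target)s" % r)
    print("bytes after EOI:", len(jpeg_trailing_data(STEGO_JPEG)))
```

Run against a real sample, the first check is the one to prioritise: an attachedTemplate relationship pointing at the internet is rarely legitimate in an unsolicited attachment, whereas a hyperlink is noise. The trailing-data check is cheap but only catches the crude append-after-EOI trick; a payload hidden inside a comment segment or in pixel data needs a different parser.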
What is unusual about this attack, tracked as GO#WEBBFUSCATOR and written in the Golang programming language, is that although it uses the Webb telescope photo as its vehicle onto the target computer, the end user is never meant to see the image at all.
“If it is flagged for review by an anti-malware solution, the reviewer may overlook it as it’s been an image shared through multiple channels lately,” Augusto Barros, Vice President at Securonix, tells Popular Science.
“As the high-resolution images from James Webb Space Telescope are also massive, it also helps reduce any suspicion related to the size of the file.”
Golang is an open-source programming language developed by Google. It is relatively young: announced in 2009, it reached its first stable release (Go 1.0) in 2012 and still ships a new version roughly every six months.
“We are seeing evidence that this language is being adopted by malware developers. It makes it easier to develop cross-platform, network friendly software, which is what malware authors are developing,” Barros continues.
“It is interesting because it shows that malware developers follow the same pattern of adopting development tools according to their ‘requirements’ as any other developer.”
Although this malware’s infection route is unusual in riding in on the James Webb Telescope photo, it still needs the user to open an attachment (and to enable macros) before it can infect the host device. The best defense is therefore the same advice given for any email-based phishing scam: don’t open attachments from untrusted sources, and don’t enable macros in a document you weren’t expecting.
Image credits: NASA, ESA, CSA, and STScI