Hacker Uses NASA’s James Webb Space Telescope’s Photo to Install Malware and Antivirus Programs Fail to Identify Infected File [Report]

A hacker used a NASA James Webb Space Telescope photo to install malware on Windows machines.

According to cybersecurity company Securonix, which got a sample of the application, the malware-filled picture is not recognized by antivirus programs.

The hacker targets victims by sending phishing emails with a malicious Office document that will instantly download the malware onto a victim's computer.

PCMag, citing Securonix, said the application features a picture acquired by the James Webb Space Telescope.

Hacker Badly Hacks NASA James Webb Telescope For Malware

Although the extent of the problem is unknown, the code itself is rather bad.

"The image contains malicious Base64 code disguised as an included certificate," said Securonix in a blog post.

Securonix, citing VirusTotal at that time, added that the particular file is undetected by all antivirus vendors.

The multistep "GO#WEBBFUSCATOR" attack begins as a standard phishing email with an attachment that looks like a Microsoft Office document.

If the user has particular Word macros enabled, the program starts once the document has been downloaded. It then downloads an extra file, in this case the Webb Telescope's SMACS 0723 picture, which fronts Base64 code.

Once triggered, the virus runs several tests to find weaknesses in a machine that hackers may later exploit.

All Antivirus Programs Fail to Identify the Harmful File

The malware may have downloaded an image that makes you wonder, but the file is not what it looks like, Newsweek pointed out.

The image's code contains a harmful command function that, when automatically decoded, replicates itself and gives an outsider, such as a hacker, access to your machine.

According to Securonix, all the antivirus programs it checked using VirusTotal failed to identify the harmful file.
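An added example, not code from Securonix or any of the reports cited here: a Python check that searches image bytes for the certificate-style Base64 block described above and tests whether it decodes to something other than a certificate. The `MZ` executable check, the function names and the sample bytes are assumptions constructed for illustration.

```python
import base64
import re

# PEM certificate armor, matched anywhere in the raw file bytes.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def classify_payload(decoded: bytes) -> str:
    """Classify decoded bytes by their leading magic value."""
    if decoded[:2] == b"MZ":      # DOS/PE header of a Windows executable
        return "pe-executable"
    if decoded[:1] == b"\x30":    # ASN.1 SEQUENCE tag that opens a DER certificate
        return "der-like"
    return "unknown"

def scan_image(data: bytes) -> list:
    """Return one finding per certificate-style block embedded in the file."""
    findings = []
    for m in PEM_RE.finditer(data):
        b64 = re.sub(rb"\s+", b"", m.group(1))
        try:
            decoded = base64.b64decode(b64, validate=True)
            kind = classify_payload(decoded)
        except ValueError:        # binascii.Error is a ValueError subclass
            decoded, kind = b"", "invalid-base64"
        findings.append({"offset": m.start(), "size": len(decoded),
                         "kind": kind, "suspicious": kind != "der-like"})
    return findings

def make_sample(payload: bytes) -> bytes:
    """Constructed test input: minimal JPEG-shaped bytes plus a PEM block."""
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(payload)
           + b"-----END CERTIFICATE-----\n")
    return b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9" + pem

# Constructed samples, not taken from the real campaign.
SAMPLE_PE = make_sample(b"MZ\x90\x00" + b"\x00" * 60)
SAMPLE_CERT = make_sample(b"\x30\x82\x01\x0a" + b"\x00" * 60)

if __name__ == "__main__":
    for name, blob in (("pe", SAMPLE_PE), ("cert", SAMPLE_CERT)):
        print(name, scan_image(blob))
```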

Malwarebytes, a maker of antivirus software, said in a blog post that its program was able to identify and quarantine the threat, which was shown to be an executable file with the name Msdllupdate.exe.

In any case, the hacker could decide to seize control of the computer or acquire private information with this access.

Why Did the Hacker Use The Deep Space Image?

Augusto Barros, vice president of Securonix, asserts that the virus was sent using Webb's space picture for a reason. He explained that because the image had been shared through several channels, even if an anti-malware app had flagged it for review, the reviewer might have missed it.

Additionally, Barros claims that while the James Webb Space Telescope photos have excellent quality, their file sizes are likewise substantial. As a result, this helps dispel any concerns regarding the file size.

Bleeping Computer added that the virus is built in Golang. This cross-platform programming language is becoming increasingly popular among cybercriminals due to its improved resistance to reverse engineering and analysis and its support for Windows, Linux, and Mac.

A relatively new programming language, Go was initially released in 2009. Its cross-platform adaptability has gained popularity quickly. According to Popular Science, it only recently earned its stable release on Aug. 2.
