A photo of the James Webb telescope contains a virus capable of infecting PCs

The file is called OxB36F8GEEC634.jpg and can arrive by email. Once again, beware of phishing attempts.

Stars, planets, distant galaxies and a piece of malware ready to infect your PC. Cybersecurity firm Securonix Threat has published a lengthy analysis of the GO#WEBFUSCATOR hacking campaign. A group of hackers, not yet identified, has created a malicious version of one of the most iconic images taken by the James Webb space telescope. The photograph is one of the first published by the telescope and shows the region of space named SMACS 0723, a mosaic of lights of different colors. The malware is hidden in the image metadata, the information that tells the PC what type of file it is dealing with. This strip of code is invisible to users but can be found by inspecting the file with a text editor.
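A defender can automate the text-editor inspection described above. The following is an added example, not code from Securonix or from the original article: it walks a JPEG's metadata segments and flags any that hold a long run of Base64-looking text, and it goes slightly beyond the article by also checking data appended after the end-of-image marker. The 200-character threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import base64
import re
import struct

# A long unbroken run of Base64 characters; the 200-byte threshold is an assumption.
B64_RUN = re.compile(rb"[A-Za-z0-9+/=\r\n]{200,}")

def jpeg_regions(data):
    """Yield (name, bytes) for each metadata segment and for data after end of image."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing JPEG start-of-image marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if 0xE0 <= marker <= 0xEF:        # APP0..APP15 (JFIF, EXIF, XMP, ICC, ...)
            yield f"APP{marker - 0xE0}", data[pos + 4:pos + 2 + length]
        elif marker == 0xFE:              # COM (free-text comment)
            yield "COM", data[pos + 4:pos + 2 + length]
        pos += 2 + length
        if marker == 0xDA:                # SOS: compressed pixel data follows
            break
    # Simplification: the first FF D9 after the scan header is taken as end of image.
    eoi = data.find(b"\xff\xd9", pos)
    if eoi != -1 and data[eoi + 2:]:
        yield "trailer", data[eoi + 2:]

def scan(data):
    """Return (region, run_length) for every region holding a long Base64 run."""
    hits = []
    for name, blob in jpeg_regions(data):
        if (m := B64_RUN.search(blob)):
            hits.append((name, len(m.group())))
    return hits

def seg(marker, payload):  # one segment: FF, marker byte, big-endian length, payload
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample files (structurally valid segments, harmless placeholder text).
BLOB = base64.b64encode(b"constructed placeholder, not a real payload " * 8)
HEAD = b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
TAIL = seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\xd9"
CLEAN, IN_COMMENT, APPENDED = HEAD + TAIL, HEAD + seg(0xFE, BLOB) + TAIL, HEAD + TAIL + BLOB

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("comment", IN_COMMENT), ("appended", APPENDED)):
        print(label, scan(sample))
```

A hit is only a reason to look closer: legitimate files can carry long text in XMP or ICC segments, so the flagged region still needs manual review.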

According to Securonix, it is currently very difficult for the antivirus products on the market to trace this file: “At the time we publish our research, the malware is impossible for any antivirus to trace, as confirmed by the analysis on the VirusTotal site”. The hidden code is decoded by the PC on which it arrives, and this starts a program called msdllupdate.exe, which is executed by the operating system. From this moment on, a backdoor is open on the infected machine: the hacker who sent the image will be able to communicate with the PC to spy on its files and activities and also take control of a series of operations. Initial analyses suggest that the malware is activated when Office macros are run.

The phishing email

But how can such a harmful image get onto a PC? It all starts with a phishing email that contains a file called Geos-Rates.docx. If the user chooses to click on this file, the image containing the virus is downloaded. The file is downloaded in .jpg format, and its name is a sequence of letters and numbers: OxB36F8GEEC634. The advice for avoiding it is always the same: do not casually open attachments in emails that come from addresses you do not know.
