A hacker has been using an image taken by the James Webb Space Telescope to load malware onto Windows computers.
The malware-laden image is not currently detected by antivirus programs, according to cybersecurity firm Securonix, which obtained a sample of the program.
The hacker is targeting victims through phishing emails carrying a malicious Office document; when the document is opened, it automatically downloads the malware onto the victim's PC. While tracing that infection chain, Securonix noticed that the downloaded components include an image taken by the James Webb Space Telescope.
The image itself is a JPEG file and looks like the iconic photo of a region of space called SMACS 0723, which the space telescope captured earlier this year. But according to Securonix, the file also contains hidden computer code, which becomes visible when the image is opened in a text editor.
“The image contains malicious Base64 code disguised as an included certificate. At the time of publication, this particular file is undetected by all antivirus vendors according to VirusTotal,” Securonix wrote in a blog post.
The hidden text is the main malware program itself, in encoded form: the attack Base64-decodes it out of the image file into a 64-bit Windows executable named msdllupdate.exe, which is then run on the Windows system.
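To show what that carving step looks like from the defender's side, here is an added example (written for this page, not Securonix's tooling or the malware's own code) in Python. It scans an image file for long Base64 runs, decodes each one, and checks the result for DOS and PE headers before reporting it. The article does not describe how the sample frames its Base64, so the PEM-style "certificate" wrapper, the JPEG skeleton and the PE stub used as sample input are constructed assumptions, not data from the real file.

```python
import base64
import re
import struct

# Runs of Base64 text long enough to carry an executable. Newlines are allowed
# in the run so PEM-style wrapping (64/76 columns) is captured as one match;
# anything shorter than 80 characters is skipped, which drops the short Base64
# that legitimately appears in EXIF/XMP metadata.
B64_RUN = re.compile(rb"[A-Za-z0-9+/=\r\n]{80,}")


def is_pe(blob: bytes) -> tuple[bool, str]:
    """Check the DOS and PE headers; return (True, arch) or (False, reason)."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False, "no MZ header"
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]          # offset of 'PE\0\0'
    if e_lfanew + 6 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False, "no PE signature"
    machine = struct.unpack_from("<H", blob, e_lfanew + 4)[0]   # IMAGE_FILE_HEADER.Machine
    return True, {0x8664: "x64", 0x014C: "x86"}.get(machine, f"machine 0x{machine:04x}")


def carve_payloads(image: bytes) -> list[dict]:
    """Return every Base64 run in `image` that decodes to a PE file."""
    hits = []
    for m in B64_RUN.finditer(image):
        text = re.sub(rb"\s+", b"", m.group(0)).rstrip(b"=")
        if len(text) < 80:
            continue
        text += b"=" * (-len(text) % 4)             # restore padding we just stripped
        try:
            decoded = base64.b64decode(text, validate=True)
        except ValueError:                           # binascii.Error is a ValueError
            continue
        ok, arch = is_pe(decoded)
        if ok:
            hits.append({"offset": m.start(), "size": len(decoded),
                         "arch": arch, "data": decoded})
    return hits


# ---- constructed sample input (assumption: PEM-style wrapper inside a COM segment) ----

def fake_pe(machine: int = 0x8664) -> bytes:
    """Constructed PE-shaped stub (headers only; it is not a runnable executable)."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew: PE header follows DOS header
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 58


def _pem(body: bytes) -> bytes:
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(body)
            + b"-----END CERTIFICATE-----\n")


def build_sample_jpeg(with_payload: bool = True) -> bytes:
    """Constructed JPEG skeleton: SOI marker, one COM segment of PEM text, EOI marker.

    The COM text always carries a harmless DER-looking blob (a decoy that must
    not be flagged); with_payload=True appends the PE stub wrapped the same way.
    """
    comment = _pem(b"\x30\x82\x01\x0a" + b"\x02" * 150)   # DER SEQUENCE lookalike, no MZ
    if with_payload:
        comment += _pem(fake_pe())
    com = b"\xff\xfe" + struct.pack(">H", len(comment) + 2) + comment
    return b"\xff\xd8" + com + b"\xff\xd9"


if __name__ == "__main__":
    for hit in carve_payloads(build_sample_jpeg()):
        print(f"PE ({hit['arch']}, {hit['size']} bytes) hidden at offset {hit['offset']}")
```

The decoy matters: a real embedded certificate also decodes cleanly, so a rule that alerts on "long Base64 in an image" would fire on harmless files, while checking for the `MZ` and `PE\0\0` headers only flags the run that actually carries an executable. On a real sample, hash the carved `data` and submit that, not the image, to your sandbox or VirusTotal.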
Securonix analyzed the malware program and found it will try to maintain persistence on a Windows computer by implanting a binary program "into the Windows registry Run key." A Run key entry makes Windows launch the malware every time the user logs on, so it survives a reboot. The malware is also designed to receive orders and communicate with the hacker's command and control server. Hence, the
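For the persistence check a responder would run on a suspect host, here is an added example (not from the article or from Securonix), again in Python, that parses a `reg export` text dump of the Run keys and flags entries whose executable lives in a user-writable directory or outside the Windows and Program Files trees. The registry export and every value in it are constructed for this example; the `msdllupdate` entry borrows only the executable name the article gives, and its path is an assumption.

```python
import re
from dataclasses import dataclass, field

# Autostart keys the persistence described above lives in. HKCU\...\Run fires at
# that user's logon; HKLM\...\Run fires at every user's logon.
RUN_KEYS = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}
# Directory fragments an unprivileged user (or a macro running as that user) can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")
# Roots normally writable only by administrators and installers.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class RunEntry:
    key: str
    name: str
    command: str
    exe: str
    findings: list[str] = field(default_factory=list)


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def _exe_from_command(cmd: str) -> str:
    """Pull the executable path out of a Run value (quoted path, or up to .exe)."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)|(\S+)', cmd, re.I)
    return next(g for g in m.groups() if g) if m else cmd


def audit_run_keys(reg_export: str) -> list[RunEntry]:
    """Parse REG_SZ values under the Run keys and attach findings to each entry."""
    entries, current = [], None
    for line in reg_export.splitlines():
        if line.startswith("["):
            current = line.strip("[]")
            continue
        m = re.match(r'"([^"]+)"="(.*)"$', line)
        if current not in RUN_KEYS or not m:
            continue
        command = _unescape(m.group(2))
        exe = _exe_from_command(command)
        entry = RunEntry(current, m.group(1), command, exe)
        low = exe.lower()
        if any(frag in low for frag in USER_WRITABLE):
            entry.findings.append("executable in a user-writable directory")
        if not low.startswith(TRUSTED_ROOTS):
            entry.findings.append("executable outside Windows/Program Files")
        entries.append(entry)
    return entries


# Constructed `reg export` output; none of these values come from a real host.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="\"C:\\Program Files\\Example App\\app.exe\" /tray"
"msdllupdate"="C:\\Users\\alice\\AppData\\Roaming\\msdllupdate.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
'''


if __name__ == "__main__":
    for e in audit_run_keys(SAMPLE_REG_EXPORT):
        status = "; ".join(e.findings) or "ok"
        print(f"{e.key.split(chr(92))[0]}  {e.name:<16} {e.exe}  -> {status}")
```

On a live host, produce the input with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and again for HKLM) and decode the file as UTF-16 before passing it in, since `reg export` writes Unicode by default. A flagged entry is a lead, not a verdict: per-user installers legitimately drop binaries under AppData, so the next step is to check the binary's signature and hash rather than delete on sight.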
Read more on pcmag.com