NASA's Image Carries Computer Malware

In July this year NASA released the deepest infrared image of the universe to date, captured by its James Webb Space Telescope. Within two months, the same image was being used as a carrier to smuggle new malware onto the devices of unsuspecting users.

The image, published on July 11, showed a large number of galaxies in a patch of sky roughly the size of a grain of sand, and it quickly became the talk of the world.

Recently, the cybersecurity research firm Securonix uncovered a new phishing campaign in which the image is used to slip previously unknown malware onto target devices. The malware appears to evade every currently known form of threat defence.

According to Securonix, the malware's authors send phishing emails with MS Office attachments that carry the picture, which draws a lot of curiosity from recipients. Securonix analysts examined the image file in a text editor and found the hidden code.
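As an added example (not from the article or from Securonix's report), here is a small Python check for what the analysts' text-editor inspection looks for: bytes appended after an image's real end marker, where hidden code would sit. The image parsing and the sample file are constructed here; the JPEG walk follows the marker-segment layout so an embedded EXIF thumbnail's own end marker is not mistaken for the file's.

```python
import base64
import re
import struct

JPEG_SOI, JPEG_EOI, PNG_SIG = b"\xff\xd8", b"\xff\xd9", b"\x89PNG\r\n\x1a\n"
BASE64_RUN = re.compile(rb"[A-Za-z0-9+/=\r\n]{64,}")  # long base64-looking text


def image_end_offset(data: bytes):
    """Offset just past the image's end marker (JPEG EOI or PNG IEND), or None."""
    if data.startswith(JPEG_SOI):
        pos = 2
        # Walk the header segments (each: FF, marker, 2-byte big-endian length
        # that includes itself) until Start of Scan.
        while pos + 4 <= len(data) and data[pos] == 0xFF:
            marker = data[pos + 1]
            if marker == 0xDA:  # SOS: entropy-coded data follows. Byte stuffing
                end = data.find(JPEG_EOI, pos)  # means FF D9 cannot occur inside
                return None if end < 0 else end + 2  # it, so the next FF D9 is EOI.
            pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        return None
    if data.startswith(PNG_SIG):
        pos = len(PNG_SIG)
        while pos + 8 <= len(data):  # chunk: length, type, data, CRC
            length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
            pos += 12 + length
            if ctype == b"IEND":
                return pos
        return None
    return None  # not a format this check understands


def check_trailing_data(data: bytes) -> dict:
    """Report bytes found after the image's end marker, where a payload would hide."""
    end = image_end_offset(data)
    if end is None:
        return {"parsed": False, "trailing_bytes": 0, "base64_like": False}
    tail = data[end:].strip()
    return {"parsed": True, "trailing_bytes": len(data) - end,
            "base64_like": bool(tail) and BASE64_RUN.fullmatch(tail) is not None}


# Constructed sample (not the real campaign file): a minimal JPEG with one APP0
# segment, an SOS segment with a little stuffed scan data, and the EOI marker.
CLEAN_JPEG = (JPEG_SOI
              + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + b"\x00" * 9
              + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
              + b"\x12\x34\xff\x00\x56" + JPEG_EOI)
# The same image with a base64-looking blob appended after the EOI marker.
STEGO_JPEG = (CLEAN_JPEG + b"\n"
              + base64.b64encode(b"constructed placeholder, not a real payload. " * 3)
              + b"\n")
```

A real image renders identically with or without the appended bytes, which is why a structural check like this, rather than viewing the picture, is what surfaces the hidden data.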

“The new malware utilizes the Golang language. As indicated by researchers at Securonix, the attacker drops payloads that are not presently hailed as malicious by antivirus engines on VirusTotal,” said Mr. Harshil Doshi, country administrator (India), Securonix.

VirusTotal is a web service that runs a given file or web page through all the antivirus engines available to it and reports whether any of them detects a virus or malware. A ‘payload’ is the technical term for the malicious code that a file drops onto the target device.

In simple terms, the payload not being flagged on VirusTotal means the malware can slip under the radar of currently available antivirus software. This is partly attributed to its being written in the Go language, also called Golang, which makes the malware harder to detect and reverse-engineer.

While not much is known about the malware, named GO#WEBBFUSCATOR, researchers have observed data-stealing capabilities in its code and in the way it communicates with its command-and-control (C2) server. A C2 server directs all of the malware's activities and receives the data it exfiltrates.

“In general, the tactics, methods, and procedures seen with GO#WEBBFUSCATOR during the entire attack chain are very fascinating. Utilizing a genuine picture to fabricate Golang code isn’t very normal in our experience or typical and something we are tracking closely. The first creator of the code planned the malware with both some trivial counter-forensics and anti-threat detection methodologies in mind,” Securonix’s initial research report stated.

By Archana
