Malware From Outer Space

The James Webb Space Telescope is a feat of modern engineering, and continues to deliver one inspirational view of our universe after another. There is, unfortunately, one side effect of these fantastic, high-quality images, that Webb Telescope engineers likely never imagined: malware delivery.

Hackers have decided to use one of the images captured by the James Webb Telescope to trick recipients into downloading malware (the first photo, in fact, SMACS 0723). The scheme is named “GO#WEBBFUSCATOR,” and isn’t unlike scams we’ve seen in the past: Scammers attach a file to an email designed to appear like a Microsoft Office document. This file is not the James Webb Telescope image, however, rather its an executable file that runs if Word macros is enabled on your machine.

This file, in turn, then downloads the Webb image. Again, however, it’s not what you think. When executed as planned, the victim never actually sees the photo of space. Instead, the file is used as a shield to run another exe file running Base64 code. This malware looks for any vulnerabilities in the victim’s system, and helps the hackers exploit them accordingly.

It’s fascinating the iconic image isn’t used as a user-facing component of the scheme. As the victims never see the photo, the goal isn’t to entice them into downloading the image itself to the system. Instead, the sheer size of the file, coupled with the popularity of the image, obfuscates the malware hidden within. If software scans the message looking for malware, it might overlook the file, since it will identify the image as one shared over and over again.