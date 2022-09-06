<!–

Bad actors are capitalizing on the popularity of the James Webb Space Telescope (JWST) by hiding malware in the first public image President Biden shared in July showing a glowing galaxy formed 4.6 billion years ago.

The image is used in a phishing email campaign, where attackers hide a malicious code in the photo that is released into the victim’s computer systems upon download.

The attack, dubbed GO#WEBBFUSCATOR, was discovered by security experts at securonix who said the malicious file is “undetectable by all antivirus systems.”

Securonix VP Augusto Barros said: Popular science that this particular JWST image may have been chosen because even if antivirus software flags users, they may be more inclined to ignore the warning because this image has been shared around the world.

The original image was released on July 11 in an announcement from The White House.

It shows what NASA describes as the “sharpest infrared view of the distant universe yet.”

The image spans a patch of space about the size of a grain of sand held at arm’s length by someone on the ground — revealing thousands of galaxies in the cluster called SMAC 0723.

And cyber thieves are taking advantage of the image’s popularity by turning it into a digital threat.

Barros also told Popular Science that hackers may have chosen this image because of its high resolution, which “helps reduce any suspicion regarding the size of the file.”

A blog post about the campaign shared by Securonix states that the first part of the ‘infection begins with a phishing email containing a Microsoft Office attachment.

“The document contains an external reference hidden in the document’s metadata that downloads a malicious template file.”

When the document is opened, the malicious template file is downloaded and saved to the system.

And the JWST image is presented as a standard JPEG, allowing it to evade detection by both the user and anti-virus systems.

Barros also told Popular Science that this campaign also uses Golang, Google’s new programming language released on August 2 stably.

The cybersecurity experts say that Golang is rapidly gaining popularity among cyberthieves.

“We see evidence that this language is being adopted by malware developers. It makes it easier to develop cross-platform, network-friendly software, which is what malware authors develop,” says Barros.

“It’s interesting because it shows that malware developers follow the same pattern in adopting development tools according to their ‘requirements’ as any other developer.”

The deep image of the ancient galaxy, taken by Webb’s Near-Infrared Camera (NIRCam), is a composite made of images at different wavelengths.

According to NASA, SMACS 0723 has a gravitational pull so powerful that it distorts both space-time and the path light then travels through it.

The combined mass of this galaxy cluster acts like a gravitational lens and, according to NASA, “magnifies and distorts the light from objects behind them, allowing for a deep field of view in both the extremely distant and intrinsically faint galaxy populations.”

By studying this light, scientists want to learn more about the origins of the cosmos and possibly even glimpse the elusive photons