According to Securonix researchers, a James Webb image circulating on the web carries a hidden executable that installs malware without the user noticing.
We have all seen them and been fascinated, but not all the James Webb Space Telescope photos are safe. The alarm was raised by the security company Securonix: according to its researchers, one image in particular carries an executable that spreads malware while evading antivirus software.
How it works
The attack, part of the wider campaign that Securonix calls GO#WEBBFUSCATOR, exploits the beauty and fame of the photos to spread malware. The mechanism is simple. First, the victim receives an email with an attachment named “Geos-Rates.docx”. When opened, the document downloads a file that executes automatically if Office macros are enabled. That is the trap. The malicious code then downloads a JPEG image (“OxB36F8GEEC634.jpg”), from which a Windows executable (“msdllupdate.exe”) is decoded and launched. All the user sees is the JPEG of the galaxy cluster SMACS 0723 published by NASA (the one shown above), but appearances can be deceiving.
Invisible to antivirus
In fact, that photo is not just a photo. Thanks to a technique called steganography, which hides data inside an ordinary-looking file, and to the use of Golang (Go), a programming language increasingly popular among criminals because its binaries are particularly resistant to researchers' analysis techniques, the code hidden in the photo bypasses antivirus checks and establishes itself on the system. The antivirus sees only a harmless image file and does not block it, while the malware remains on the computer awaiting instructions from its operators.
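To make the two passages above concrete (the JPEG that decodes into an executable, and why an antivirus that only recognises "an image" misses it), here is an added example written for this article; it is not Securonix's tooling and not the GO#WEBBFUSCATOR malware's own code. It assumes the simplest form of image steganography: the payload is appended after the JPEG end-of-image marker and Base64-encoded so it reads as text. The page does not state exactly how the campaign embedded its executable, so that embedding is an assumption here, and every byte of sample data below is constructed, not taken from the campaign.

```python
"""Find a payload appended after a JPEG's end-of-image (EOI) marker.

Added example for this article; not Securonix's tooling nor the
GO#WEBBFUSCATOR malware's own code. Assumes the simplest steganography:
bytes appended after EOI, Base64-encoded so they look like text. The
campaign's real embedding method is not described on the page, so this is
an assumption. All sample data is constructed.
"""
import base64
import binascii
import re

SOI, EOI = b"\xff\xd8", b"\xff\xd9"

# Constructed carrier: SOI, an APP0/JFIF segment, one SOS segment with a few
# bytes of entropy-coded data (including a stuffed 0xFF00 and an RST0 marker),
# then EOI. It exercises the parser but is not a decodable picture: it has no
# DQT/DHT/SOF segments.
CLEAN_JPEG = (
    SOI
    + b"\xff\xe0\x00\x10" + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda\x00\x08" + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    + EOI
)

# Constructed stand-in for a Windows PE file: DOS 'MZ' header plus filler.
FAKE_EXE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 100


def embed_after_eoi(image: bytes, payload: bytes) -> bytes:
    """Attacker side: append the Base64 payload after EOI. Image viewers stop
    reading at EOI, so the picture still opens normally."""
    return image + base64.b64encode(payload)


def jpeg_end_offset(data: bytes) -> int:
    """Walk the segment structure and return the offset just past EOI.

    A plain search for 0xFFD9 is not enough: EXIF thumbnails inside APP1 carry
    their own SOI/EOI, and appended raw binary may contain 0xFFD9 too. Walking
    the segments finds the EOI that actually terminates the image.
    """
    if not data.startswith(SOI):
        raise ValueError("missing SOI; not a JPEG")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                      # EOI
            return pos + 2
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                            # standalone markers: TEM, SOI, RSTn
            continue
        if pos + 4 > len(data):
            break
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")
        pos += 2 + seg_len
        if marker == 0xDA:                      # SOS: entropy-coded data follows
            # Advance to the next real marker: 0xFF not followed by 0x00
            # (byte stuffing) or by an RSTn restart marker.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("EOI not found; truncated or malformed JPEG")


def find_hidden_payload(data: bytes):
    """Defender side: report anything that follows EOI. Returns None for a
    clean file, otherwise a dict describing the trailing data."""
    trailing = data[jpeg_end_offset(data):]
    if not trailing:
        return None
    payload, is_b64 = trailing, False
    text = trailing.strip()
    if text and re.fullmatch(rb"[A-Za-z0-9+/]+={0,2}", re.sub(rb"[\r\n]", b"", text)):
        try:
            payload, is_b64 = base64.b64decode(text), True
        except binascii.Error:
            pass
    return {
        "trailing_len": len(trailing),
        "base64": is_b64,
        "is_pe": payload.startswith(b"MZ"),   # DOS header of a Windows executable
        "payload": payload,
    }


if __name__ == "__main__":
    for name, blob in [("clean.jpg", CLEAN_JPEG),
                       ("stego.jpg", embed_after_eoi(CLEAN_JPEG, FAKE_EXE))]:
        report = find_hidden_payload(blob)
        verdict = "clean" if report is None else (
            f"{report['trailing_len']} trailing bytes, base64={report['base64']}, "
            f"PE header={report['is_pe']}")
        print(f"{name}: {verdict}")
```

The point of the segment walk is the antivirus caveat from the paragraph above: a scanner that only checks the file signature sees a valid JPEG, because everything up to EOI is a valid JPEG. Trailing data after EOI is the simplest tell; a scanner that decodes it and finds an `MZ` header has found the executable the viewer never shows. A payload hidden in pixel data rather than appended would need a different check, and this example does not cover that.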
How to defend yourself
On the bright side, defending against this attack is simple. The advice is to avoid opening attachments with odd names even when they come from sources you trust, and, since the chain only runs if Office macros are enabled, to leave macros disabled. To admire the James Webb photos, there are always the NASA website and our photo galleries.
01 September
© REPRODUCTION RESERVED