Hackers spread a dangerous virus through a James Webb photo

Recently, humanity rejoiced at the first amazing pictures from James Webb, in which we saw strikingly clear details of distant objects. But attackers decided to use this scientific achievement to spoil the peaceful life of astronomy lovers. According to PCMag, hackers modified the space telescope's most famous image, embedded in it malware that antivirus programs fail to detect, and distributed the malicious code across the Internet. The danger was identified by a team of Securonix cybersecurity engineers who obtained a sample of the program.

Image of galaxy cluster SMACS 0723

The hackers attack victims with phishing emails carrying a malicious Office document designed to automatically download malware to the victim's computer. While analysing this process, Securonix noticed that the downloaded software included an image taken by the James Webb Space Telescope.

The image itself is a regular JPG file and looks like the iconic photograph of the deepest region of space seen so far, the galaxy cluster SMACS 0723, also known as Webb's First Deep Field, recorded by the space telescope earlier this year. According to Securonix, the file contains hidden malicious computer code that can be seen by opening the image in a text editor.

“The image contains malicious Base64 code disguised as an included certificate. At the time of publication, this particular file could not be found by any antivirus vendor according to VirusTotal data,” Securonix reported in its blog.

The same image in which the malware was hidden. Photo: PCMag

The hidden code is a key building block of the underlying malware. The attack decodes it from the image file into a 64-bit Windows executable called msdllupdate.exe, and the script makes this file run automatically at every system startup by placing it "in the Run section of the Windows registry". The malware is designed to receive commands from a remote server controlled by the hackers, so the attack could pave the way for cybercriminals to spy on an infected system or take control of it remotely.
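A defender-side check for the pattern described above (a Base64 block disguised as a certificate inside a JPEG that decodes to a Windows executable), added here as an example; it is not code from Securonix or PCMag, and the JPEG skeleton and payload it scans are constructed, not the real file.

```python
import base64
import re

# Constructed sample data (not the real campaign image): a minimal JPEG
# skeleton is built from the SOI/EOI markers with a fake PEM block appended.
JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z ]+)-----\s*([A-Za-z0-9+/=\s]+?)\s*-----END \1-----", re.S
)


def make_sample(payload: bytes) -> bytes:
    """Build a constructed JPEG carrying a certificate-looking block after EOI."""
    pem = (b"-----BEGIN CERTIFICATE-----\n"
           + base64.encodebytes(payload)
           + b"-----END CERTIFICATE-----\n")
    return JPEG_SOI + b"\x00" * 16 + JPEG_EOI + pem


def scan_jpeg(data: bytes) -> dict:
    """Flag PEM-looking blocks in a JPEG whose decoded bytes are a PE image.

    A genuine JPEG ends at the EOI marker, so anything after it is trailing
    data worth a look. A real DER certificate starts with an ASN.1 SEQUENCE
    tag (0x30); a Windows executable starts with the DOS header "MZ".
    """
    findings = {"is_jpeg": data[:2] == JPEG_SOI, "trailing_bytes": 0,
                "pem_blocks": 0, "decoded_pe": False}
    eoi = data.rfind(JPEG_EOI)  # rfind: embedded thumbnails may carry their own EOI
    if eoi != -1:
        findings["trailing_bytes"] = len(data) - (eoi + 2)
    for m in PEM_RE.finditer(data):
        findings["pem_blocks"] += 1
        try:
            decoded = base64.b64decode(re.sub(rb"\s+", b"", m.group(2)), validate=True)
        except ValueError:
            continue  # not valid Base64, so not the encoding we are looking for
        if decoded[:2] == b"MZ":
            findings["decoded_pe"] = True
    return findings
```

The check only covers Base64 blocks wrapped in PEM markers; trailing bytes after EOI that use any other encoding still show up in `trailing_bytes` and deserve manual inspection.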

Securonix notes that the malicious files that initiate the attack can only do so if macros are enabled for Office products; otherwise the hackers' tactics cannot be executed automatically. The company's publication contains additional recommendations on how to identify and stop the attack.

Earlier we reported on how scientists identified the main danger when returning samples from Mars.
