Aliens Closer to Home Than Desired – Malware Discovered in James Webb Telescope Images

September 21, 2022

Security analysts have uncovered a new malware campaign in which attackers spread malware hidden inside an image from the James Webb Space Telescope. The full-color images of galaxies, stars, planets, and other cosmic objects were first released by scientists in July 2022 and have unwittingly become the carrier of a malicious payload, using a technique known as image steganography.

What in the world is image steganography?

Image steganography is the practice of hiding data, in this case malicious code, inside an innocent-looking image. The picture still opens and displays normally because the extra bytes sit where image viewers never look. Cybercriminals use it to move payloads past controls in plain sight: a JPG draws far less scrutiny than an executable, security tools and analysts may overlook this old trick, and it is easy to convince users to open an image without raising suspicion. The image itself does nothing on its own; something else already running on the victim's machine, such as a document macro, has to pull the hidden data back out and execute it.

James Webb Telescope Steganography Details: Phishing for the Stars

Attackers have recognized the global interest in the James Webb images and are using them as a lure. The campaign starts with a phishing email carrying a Microsoft Office attachment named “Geos-Rates.docx” that contains a malicious macro. When the victim opens the attachment and enables macros, the macro downloads a JPG file. The image shows the recently published galaxy cluster SMACS 0723, so the user sees nothing unusual, but the file also carries a hidden executable, which is extracted from the image and launched on the machine.
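The hiding trick explained in the steganography section and the download-and-extract step of the attack chain, as an added example that is not code from this post or from the campaign itself. It shows the attacker side (stash a payload in a JPEG so the picture still renders), the macro side (read the stashed bytes back out) and the defender side (scan a JPEG for data after the end-of-image marker and for oversized comment segments). The JPEG skeleton, the `MZ` stand-in payload and all function names are constructed for the example; the second hiding spot, a COM segment in the JPEG header, goes beyond what the article describes and is included because the same scanner catches it.

```python
# Added example (not code from the original post or the real campaign): hide a
# payload in a JPEG, extract it the way a downloader macro would, and scan for
# both tricks. JPEG bytes, payload and function names are constructed here.
import base64
import binascii
import math
import struct
from collections import Counter
from typing import List, Optional, Tuple

SOI = b"\xff\xd8"   # start of image
EOI = b"\xff\xd9"   # end of image: viewers stop reading here
COM = 0xFE          # comment segment marker, ignored by decoders
SOS = 0xDA          # start of scan: entropy-coded pixel data follows


def _segment(marker: int, payload: bytes) -> bytes:
    # Header segment layout: 0xFF, marker, 2-byte big-endian length (which
    # counts the length field itself), payload. Payload is capped at 65533 bytes.
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def make_clean_jpeg() -> bytes:
    # Constructed skeleton: SOI + JFIF APP0 + EOI. Not a decodable picture; it
    # only exercises the marker structure a scanner has to walk.
    return SOI + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00") + EOI


def walk_segments(jpeg: bytes) -> Tuple[List[Tuple[int, bytes]], int]:
    """Return the header segments and the offset just past EOI."""
    if not jpeg.startswith(SOI):
        raise ValueError("missing SOI: not a JPEG")
    segments, pos = [], 2
    while pos + 2 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xD9:
            return segments, pos + 2
        if marker == SOS:
            # Inside scan data a literal 0xFF is stuffed as 0xFF00, so the
            # first 0xFFD9 after SOS is the real EOI.
            eoi = jpeg.find(EOI, pos)
            if eoi < 0:
                raise ValueError("SOS without EOI")
            return segments, eoi + 2
        if pos + 4 > len(jpeg):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        segments.append((marker, jpeg[pos + 4:pos + 2 + length]))
        pos += 2 + length
    raise ValueError("truncated JPEG: no EOI")


def hide_after_eoi(jpeg: bytes, payload: bytes) -> bytes:
    """Attacker side, spot 1: Base64 text appended after EOI. The picture still
    displays because viewers never read past the end marker."""
    return jpeg + base64.b64encode(payload)


def hide_in_comment(jpeg: bytes, payload: bytes) -> bytes:
    """Attacker side, spot 2 (beyond the article's case): a COM segment in the
    header. Decoders skip it; it must fit in one 65533-byte segment."""
    pos = 2
    if jpeg[2:4] in (b"\xff\xe0", b"\xff\xe1"):   # keep APP0/APP1 first, as JFIF/Exif expect
        pos = 4 + struct.unpack(">H", jpeg[4:6])[0]
    return jpeg[:pos] + _segment(COM, base64.b64encode(payload)) + jpeg[pos:]


def _b64_decode(blob: bytes) -> Optional[bytes]:
    try:
        return base64.b64decode(blob, validate=True) if blob else None
    except (binascii.Error, ValueError):
        return None


def extract_payload(jpeg: bytes) -> Optional[bytes]:
    """Macro side: check both hiding spots and decode the first that is Base64."""
    segments, end = walk_segments(jpeg)
    for blob in [jpeg[end:]] + [p for m, p in segments if m == COM]:
        decoded = _b64_decode(blob)
        if decoded is not None:
            return decoded
    return None


def entropy(data: bytes) -> float:
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_jpeg(jpeg: bytes, com_limit: int = 256) -> List[str]:
    """Defender side: flag bytes after EOI and comment segments above com_limit
    (tune to your baseline), noting when a blob decodes to an MZ/PE executable."""
    segments, end = walk_segments(jpeg)
    suspects = [("trailer after EOI", jpeg[end:])]
    suspects += [("COM segment", p) for m, p in segments if m == COM and len(p) > com_limit]
    findings = []
    for where, blob in suspects:
        if not blob:
            continue
        note = f"{where}: {len(blob)} bytes, entropy {entropy(blob):.2f} bits/byte"
        decoded = _b64_decode(blob)
        if decoded is not None:
            note += "; valid Base64"
            if decoded.startswith(b"MZ"):
                note += " decoding to an MZ/PE executable"
        findings.append(note)
    return findings


if __name__ == "__main__":
    fake_exe = b"MZ" + bytes(range(256))   # constructed stand-in for the dropped executable
    for name, img in [("clean", make_clean_jpeg()),
                      ("trailer", hide_after_eoi(make_clean_jpeg(), fake_exe)),
                      ("comment", hide_in_comment(make_clean_jpeg(), fake_exe))]:
        print(name, scan_jpeg(img) or ["no findings"], extract_payload(img) == fake_exe)
```

The scanner deliberately does not try to decode pixels: the payload never touches them, so a detector that only looks at the picture sees a perfectly good image. Walking the marker structure and asking what is left over after EOI, or what is sitting in segments a decoder ignores, is the check that catches this family of tricks.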

Webb’s Deep Field image of the early Universe © NASA, ESA, CSA, and STScI

The Black Hole of Malware

The malware is written in Go (Golang), a language that has become popular with cybercriminals because one code base compiles to native binaries for multiple platforms and the resulting executables are large and statically linked, which makes them harder to match against existing signatures. In practice this means the sample was new to signature-based antivirus products and was not flagged by them at the time of analysis; it does not make the binary undetectable, and behavior-based controls can still catch what it does once it runs. The malware acts as a backdoor that lets the attackers execute arbitrary commands on the infected machine.

How Votiro Customers Are Protected from Phishing Attacks like the James Webb Telescope Steganography Scheme

The recent image steganography attack is one more example of how easily threat actors get into seemingly well-defended systems and networks through social engineering such as phishing. The best defense is to stop weaponized files before they enter the organization’s network.

With Votiro Cloud, protection against weaponized files is guaranteed. Unlike detection-based file security solutions that scan for suspicious elements and block just some known-malicious files, Votiro’s revolutionary Positive Selection technology takes a Zero-Trust approach to files: Votiro allows through only the safe elements of each file, ensuring every file that enters the organization is clean of hidden known and unknown malware. This is done without damaging or altering the file format or usability or slowing down the speed of file delivery.  To learn more about how Votiro’s innovative approach to file security can protect your organization from attacks such as the one using the James Webb telescope images, click here.