Threat analysts at Securonix have discovered a new malware campaign, GO#WEBBFUSCATOR, in which attackers embed malware in photos from the James Webb telescope. Two things make it hard to spot: first, the picture is actually displayed to the user, who may not notice that anything is wrong; second, the malware is currently not detected by antivirus engines (according to the VirusTotal portal). Reported by BleepingComputer.
It all starts with a phishing email with an attached Geos-Rates.docx document, which then downloads a template file. The template contains an obfuscated VBS macro that is executed automatically if macros are enabled in MS Office on the victim's computer. The macro then downloads a JPG image (OxB36F8GEEC634.jpg) from a remote resource, decodes it into an executable file (msdllupdate.exe) using certutil.exe, and launches it.

As a result of all this, the user is shown the sensational image of the galaxy cluster SMACS 0723, published by NASA in July 2022. However, if the file is opened in a text editor instead of an image viewer, the user will notice additional content disguised as an included certificate. It is a Base64-encoded payload that decodes into a malicious 64-bit executable.
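One way a defender could check an image file for the pattern described above, as an added example that is not code from Securonix or from this article. It assumes the block uses PEM certificate armor (the article only says the payload is disguised as a certificate); the function names and the inert sample bytes are constructed for illustration.

```python
import base64
import re
import struct

# Assumption: the block uses the PEM armor that certutil.exe decodes; the page
# only says the payload is "disguised as an included certificate".
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

def pe_machine(blob: bytes):
    """Return the COFF Machine field if blob starts with a PE image, else None."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\x00\x00" or len(blob) < e_lfanew + 6:
        return None
    return struct.unpack_from("<H", blob, e_lfanew + 4)[0]

def scan_image(data: bytes):
    """List certificate-style blocks in an image whose Base64 body is a PE file."""
    findings = []
    for m in PEM_BLOCK.finditer(data):
        body = b"".join(m.group(1).split())
        try:
            decoded = base64.b64decode(body, validate=True)
        except ValueError:          # not valid Base64: ignore the block
            continue
        machine = pe_machine(decoded)
        if machine is not None:     # a genuine DER certificate starts with 0x30
            findings.append({"offset": m.start(), "size": len(decoded),
                             "x64": machine == 0x8664})
    return findings

def _pem(raw: bytes) -> bytes:
    """Wrap raw bytes in certificate armor (used only to build the samples)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(raw)
            + b"-----END CERTIFICATE-----\n")

# Constructed, inert samples: a stub JPEG plus header bytes only (no code).
STUB_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
FAKE_PE = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
           + b"PE\x00\x00" + struct.pack("<H", 0x8664) + b"\x00" * 18)
FAKE_DER = b"\x30\x82\x01\x0a" + b"\x00" * 60

if __name__ == "__main__":
    print(scan_image(STUB_JPEG + _pem(FAKE_PE)))    # one finding
    print(scan_image(STUB_JPEG + _pem(FAKE_DER)))   # no findings
```

A certificate-style block that decodes to `MZ` rather than a DER `0x30` sequence is the signal here; the same check can be run on files fetched by Office processes or written to temporary directories.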


The virus itself is written in Golang, which is actively gaining popularity among hackers because it is cross-platform (Windows, Linux, macOS) and more resistant to reverse engineering and analysis. The executable copies itself to %%localappdata%%\microsoft\vault\ and adds a new key to the registry. So far, the capabilities of the malware are not fully known, but experts have already recorded it executing arbitrary commands through the command line, which is the standard first step for system reconnaissance. Securonix noted that all domains used by the attackers were registered recently; the oldest of them was created on May 29, 2022.
Source: Trash Box
I am Derek Black, an author of World Stock Market. I have a degree in creative writing and journalism from the University of Central Florida. I have a passion for writing and informing the public. I strive to be accurate and fair in my reporting, and to provide a voice for those who may not otherwise be heard.