Threat analysts at Securonix have discovered a new GO#WEBBFUSCATOR malware campaign: attackers embed a virus in photos from the latest James Webb telescope. There are at least two serious difficulties in this: firstly, the pictures are actually displayed to the user (he may not even notice something was wrong); secondly, this malware is currently not detected by antiviruses (according to the VirusTotal portal). Reported by BleepingComputer.
It all starts with a phishing email with an attached Geos-Rates.docx document, which then downloads a tamplate file. It contains an obfuscated (obfuscated) VBS macro that is automatically executed if macros are available in MS Office on the victim’s computer. The malware then downloads a JPG image (OxB36F8GEEC634.jpg) from a remote resource, decodes it into an executable file (msdllupdate.exe) using certutil.exe, and launches it.
As a result of all this, the user is shown the sensational image of the galaxy cluster SMACS 0723, published by NASA in July 2022. However, if the file is opened in a text editor instead of an image viewer, the user will notice additional content disguised as an included certificate. It is a Base64 encoded payload that turns into a malicious 64-bit executable.
The virus itself is written in the Golang language, which is actively gaining popularity among hackers due to its cross-platform (Windows, Linux, macOS) and increased resistance to reverse engineering and analysis. The executable copies itself to %%localappdata%%\microsoft\vault\ and adds a new key to the registry. So far, the capabilities of the malware are not fully known, but experts have already recorded how it executes arbitrary commands through the command line – this is the standard first step for system reconnaissance. Securonix noted that all domains used by attackers were registered recently, the oldest of them was created on May 29, 2022.
Source: Trash Box
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.
