Right now, the spectacular photos taken by the space telescope are attracting attention, and cybercriminals have understood this. They have developed a phishing campaign that uses the telescope's photos as a vector. Experts at a cybersecurity company identified the campaign and named it Go#Webbfuscator.
“Go”, because the code implanted in the image is written in Golang. The language is popular among hackers because it has the advantage of being difficult to identify and it works on almost all systems. The victim receives an email with an attached Word document called Geos-Rate.docx.
Malware hides in the image
Once the document is opened in the word processor, and if automatic macro execution is enabled in Word, the malicious code is downloaded while the document displays the magnificent photo of SMACS 0723 published last July. From that moment, the malware is connected to its encrypted server.
This maneuver would only be a first step for the attackers. The rest remains unclear, and experts do not know what the final objective of these attacks is. It must be said that the campaign targeted victims in different countries and that the payloads were not always the same.
As always, a Word file attached to an email that urges you to open it should inspire the greatest suspicion. Likewise, while Microsoft has blocked macro execution by default for downloaded files, enabling macros to run automatically remains a very bad idea.
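One way to act on that advice before opening an attachment, as an added example that is not from the original article or from the researchers: a Python check that inspects a Word file's ZIP package for an embedded VBA project or an externally attached template. The function names, the sample data and the choice to treat an external `attachedTemplate` relationship as a macro delivery route are assumptions of this example; the article does not describe how Geos-Rate.docx loads its macro.

```python
import io
import re
import zipfile

# Relationship entries whose target lives outside the package (e.g. a remote template).
_EXTERNAL_REL = re.compile(rb'<Relationship\b[^>]*TargetMode="External"[^>]*>')
_ATTR = re.compile(rb'(\w+)="([^"]*)"')

def scan_ooxml(data: bytes) -> dict:
    """Return macro-related findings for an OOXML (.docx/.docm) file given as bytes."""
    findings = {"vba_parts": [], "external_targets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):
                # Embedded VBA project: the macros travel inside the file itself.
                findings["vba_parts"].append(name)
            elif lower.endswith(".rels"):
                # Relationship parts list everything the document links to.
                for rel in _EXTERNAL_REL.findall(pkg.read(name)):
                    attrs = dict(_ATTR.findall(rel))
                    rel_type = attrs.get(b"Type", b"").decode().rsplit("/", 1)[-1]
                    target = attrs.get(b"Target", b"").decode()
                    findings["external_targets"].append((name, rel_type, target))
    return findings

def is_suspicious(findings: dict) -> bool:
    """Flag embedded macros or an externally attached template (assumed heuristic).
    External hyperlinks are recorded in the findings but not flagged."""
    remote_template = any(t == "attachedTemplate" for _, t, _ in findings["external_targets"])
    return bool(findings["vba_parts"]) or remote_template

def build_sample(rels_xml: str) -> bytes:
    """Constructed sample: a minimal ZIP that mimics a .docx layout, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/_rels/settings.xml.rels", rels_xml)
    return buf.getvalue()

# Constructed relationship parts; the URLs are placeholders.
_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
REMOTE_TEMPLATE = ('<Relationships><Relationship Id="rId1" Type="' + _NS + 'attachedTemplate" '
                   'Target="https://example.invalid/form.dotm" TargetMode="External"/></Relationships>')
HYPERLINK_ONLY = ('<Relationships><Relationship Id="rId1" Type="' + _NS + 'hyperlink" '
                  'Target="https://example.invalid/" TargetMode="External"/></Relationships>')

if __name__ == "__main__":
    for label, rels in (("remote template", REMOTE_TEMPLATE), ("hyperlink only", HYPERLINK_ONLY)):
        print(label, is_suspicious(scan_ooxml(build_sample(rels))))
```

On a real attachment, pass the file's bytes to `scan_ooxml` without opening it in Word.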