This James Webb telescope image may be hiding more than just the stars

Cybercriminals are using images captured by the James Webb telescope to distribute malware

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new phishing campaign is taking advantage of interest in the images captured by the James Webb telescope to infect victims withmalware, analysts have warned.

Areportfrom security firm Securonix found cybercriminals are embedding malware capable of bypassingantivirusfilters into an image of the SMACS 0723 galaxy cluster, published by NASA earlier this year.

Although at first the image appears entirely innocuous, inspecting the file in a text editor reveals code designed to trigger the download of a malicious executable.

James Webb telescope images

In July 2022, NASA released the first selection of images captured by the James Webb Space Telescope, detailing the “earliest, rapid phases of star formation” for the first time. The spectacular full-color images spread like wildfire over social media platforms.

However, as with any trend or event that captures the public imagination, the demand for more telescope images has created an opening for cybercriminals.

In this instance, the threat actor distributes a phishing email containing aMicrosoftOffice attachment. Once downloaded, the attachment triggers a chain reaction that ultimately results in the malicious image making its way onto the victim’s device.

New Windows malware uses a cunning technique to avoid detection>Our list of the best firewalls available right now>LastPass hacked: Should you be worried about your passwords?

The malware itself, coded in Golang in order to complicate analysis, is said to be capable of exfiltrating sensitive data and handing control of the infected machine to the operator.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

To shield against scams of this kind, web users are advised never to download attachments from unsolicited emails and to interrogate messages for errors of spelling or grammar that might betray a scam.

Separately, although the malware strain in question is reportedly able to bypass security measures, devices should nonetheless be protected with leading antivirus andransomware protectionsoftware, which will reduce the overall risk of an infection.

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet