Threat analysts from Securonix have spotted a new malware campaign dubbed GO#WEBBFUSCATOR, which relies on phishing e-mails, malicious documents and, most curiously, an image taken by the James Webb telescope. The malware is written in Golang, a programming language that is becoming increasingly popular for cybercrime thanks to its cross-platform support and its resistance to reverse engineering.
The infection chain starts with a phishing e-mail that has a malicious .docx file attached, which downloads another file. That file then executes a macro which downloads a further file, a JPG. This is then decoded and executed. However, if the JPG file is opened with an ordinary image viewer, it only shows an image of the galaxy cluster SMACS 0723, published by NASA in July 2022.
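A defender-side check for the behaviour described above, where a JPG renders normally but carries data that a later stage decodes. This is an added example, not code from the article or from Securonix. It assumes the hidden data is Base64 text that decodes to a Windows executable, which the article does not specify; `jpeg_end`, `scan_jpeg` and the sample bytes are constructed for illustration.

```python
import base64
import re

# FF followed by anything but a stuffed 00 or a restart marker (D0-D7) ends scan data.
NEXT_MARKER = re.compile(rb"\xff[^\x00\xd0-\xd7]")
# Assumed heuristic: 256+ Base64 characters in a row do not occur in compressed image data.
B64_RUN = re.compile(rb"[A-Za-z0-9+/\r\n]{256,}={0,2}")

def jpeg_end(data: bytes) -> int:
    """Walk the JPEG segments and return the offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                              # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                            # EOI: the image ends here
            return pos + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:  # markers without a length field
            pos += 2
        else:                                           # segment with a 2-byte length
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
            if marker == 0xDA:                          # SOS: skip entropy-coded data
                hit = NEXT_MARKER.search(data, pos)
                pos = hit.start() if hit else len(data)
    raise ValueError("truncated JPEG, no EOI marker")

def scan_jpeg(data: bytes) -> list[str]:
    """Report content an image viewer ignores but a later decoding stage could read."""
    findings = []
    end = jpeg_end(data)
    if end < len(data):
        findings.append(f"{len(data) - end} bytes after EOI")
    for run in B64_RUN.finditer(data):
        text = re.sub(rb"[\r\n=]", b"", run.group())
        note = f"Base64 run of {len(text)} chars at offset {run.start()}"
        for skip in range(4):                           # alignment of the run is unknown
            chunk = text[skip:len(text) - (len(text) - skip) % 4]
            if base64.b64decode(chunk)[:2] == b"MZ":    # assumption: Windows PE payload
                note += ", decodes to an MZ/PE header"
                break
        findings.append(note)
    return findings

CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9) + b"\xff\xda\x00\x08"  # constructed
         + b"\x01\x01\x00\x00\x3f\x00" + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
TAINTED = CLEAN + base64.b64encode(b"MZ" + bytes(300))  # placeholder bytes, not malware
```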
Want to know more about this curious malware? Here are two sources for further information:
- Hackers hide malware in James Webb telescope images (bleepingcomputer.com)
- Hackers Hide Malware in Stunning Images Taken by James Webb Space Telescope (thehackernews.com)
Patches of the week
Chrome 105 has been released for Windows, Linux and Mac; it contains fixes for 24 vulnerabilities. One of those was rated “critical” and eight “high” severity.
Nine of the security issues that Google addressed with Chrome 105 were so-called use-after-free vulnerabilities, or flaws that allow attackers to use previously cleared memory spaces to execute malicious code, corrupt data, and take other malicious actions. Four of the patched vulnerabilities were heap buffer-overflows in various Chrome components, including WebUI and Screen Capture.
Apple released an OS update for older Apple products to fix a critical security flaw. The affected products are iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
CVE-2022-32893 (CVSS score: 8.8) is an out-of-bounds write issue affecting WebKit that could lead to arbitrary code execution when processing maliciously crafted web content.
Some further insights on these vulnerabilities can be gained in these sources:
- Google Fixes 24 Vulnerabilities With New Chrome Update (darkreading.com)
- Apple Releases iOS Update for Older iPhones to Fix Actively Exploited Vulnerability (thehackernews.com)
Please remember: this article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.