Artistic design of the James Webb Space Telescope. Source – NASA GSFC/CIL/Adriana Manrique Gutierrez
A new malware campaign, named ‘GO#WEBBFUSCATOR’ and written in Golang, has been revealed. This latest threat relies on phishing emails, malicious documents and space images from the James Webb Telescope to spread malware.
There is also a concern about the speed of adoption. Increasingly popular, Golang is cross-platform and offers increased resistance to reverse engineering and analysis.
Paolo Passeri, Principal Engineer at Netskope, provides information to Digital Journal about the threat posed by this new malware campaign.
Passeri begins by explaining what makes this latest form of attack a concern: “This campaign uses an established modus operandi of opportunistic criminals, which is to take advantage of events with high social impact for malicious purposes. However, we have witnessed some interesting variations here”.
He then looks at the huge interest in astronomy that has been bubbling around the world and how criminal entities have used it to further their malicious agenda. He notes: “Cybercriminals took an unprecedented look into the remote corners of the universe allowed by the James Webb telescope, which provides an ideal starting point for attackers to launch new campaigns.”
Here, digital meets digital. Passeri says: “The very nature of the information exchanged (images) has further facilitated their attempts by allowing the use of one of the most common evasion techniques, steganography, which tends to hide malicious content within the images. A technique commonly used to evade both the security checks of traffic protection solutions and the security checks of the user who, under normal conditions, would not expect to be infected with a seemingly harmless artifact such as an image.”
There is more to the sophistication of the campaign, according to Passeri: “Another interesting element of this campaign involves the use of malware written in Golang, a language that is increasingly popular with attackers both because of its cross-level platform and its resistance to reverse engineering, a feature that makes it difficult for security analysts to investigate.”
This brings Passeri back to his main topic of how criminals seek to deceive the general public: “This campaign once again proposes the risk inherent in the concept of digital trust and its implications in the field of security. The growth of remote work has changed the concept of user trust. Users now rely more on digital interactions than human ones, which lowers the level of protection against any content coming from the Internet (search engines or legitimate cloud applications), and they are no longer used to thoroughly check the ‘source of information’.”
Concluding his review of this powerful threat, Passeri states: “Indeed, it is no coincidence that SEO poisoning techniques (i.e. using search engine optimization algorithms to place malicious links above search engine results) are back in vogue, distributing malware and other malicious content.”