
Hackers Sending Hidden Malware Through James Webb Telescope Image

A recent study by Securonix Threat Research revealed an ongoing attack campaign using Golang. Securonix has named this threat GO#WEBBFUSCATOR and continues to monitor it. The new campaign uses the famous deep-field image from the James Webb telescope as part of an equally interesting strategy: the payload, written in Golang, is heavily obfuscated, which makes it harder to analyze and detect.

Golang-based malware is becoming increasingly common among APT groups such as Mustang Panda and others. Attackers are moving to Go for several reasons, which is why it is seen more and more. Go binaries are significantly harder to analyze and reverse engineer than binaries produced from languages such as C++ or C#. According to the report, Go is also a very flexible language in terms of cross-platform support and compilation: malware authors can compile malware for multiple platforms from a single code base, including Windows and *NIX.

The infection starts with phishing emails carrying Microsoft Office (.docx) attachments. The document's metadata hides an external link from which a malicious template file is loaded. To obfuscate the URL, the .dotm file tries to disguise itself as a legitimate Microsoft URL by setting the “Target=” field to hxxp://www.xmlschemeformat.com/update/2021/Office/form.dotm. The malicious template file is downloaded and saved as soon as the document is opened. If the user enables macros, a VB script in the template starts the first stage of the code execution chain. The deobfuscated commands download a file named oxb36f8geec634.jpg, which is then decoded into a binary (msdllupdate.
