Hackers hide malware in a James Webb telescope image of an ancient galaxy: the email contains a photo with malicious code that extracts personal data from computers – and is undetectable by antivirus software
- The James Webb Telescope image was the first to be shared by NASA
- Cyber thieves hide malicious code in the image and email it to unsuspecting users
- When the user downloads the image, the malware acts as an open window for hackers to steal personal information from the computer
Bad actors are capitalizing on the popularity of the James Webb Space Telescope (JWST) by hiding malware in the first public image shared by President Biden in July, showing a glowing galaxy that formed 4.6 billion years ago.
The image is used in a phishing email campaign, where attackers hide malicious code in the photo, which is released on victims' computer systems when downloaded.
The attack, dubbed GO#WEBBFUSCATOR, was spotted by security researchers at Securonix, who said the malicious file “is undetected by all antivirus systems.”
Augusto Barros, vice president of Securonix, told Popular Science that this particular JWST image may have been chosen because it was shared around the world, so even if antivirus software flags it, users may be more inclined to ignore the warning.

The original image was released in a White House announcement on July 11.
It shows what NASA describes as “the sharpest infrared view of the distant Universe yet.”
The image covers a patch of space about the size of a grain of sand held at arm’s length by someone on the ground – and reveals thousands of galaxies in the cluster dubbed SMACS 0723.
Cyber thieves are now capitalizing on the image’s popularity by turning it into a digital threat.

Barros also told Popular Science that hackers may have chosen this image because of its high resolution, which “helps reduce any suspicion as to the size of the file.”
A blog post shared by Securonix about the campaign states that the first part of the infection begins with a phishing email containing a Microsoft Office attachment.
“The document contains an external reference hidden in the document’s metadata that downloads a malicious template file.”
Upon opening the document, the malicious template file is downloaded and stored on the system.
And the JWST image renders as a standard JPEG, which helps it evade detection by both users and antivirus software.
Barros also told Popular Science that this campaign uses Golang, Google’s new programming language, which just had its stable release on August 2nd.
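A defender can check an Office attachment for the kind of external template reference described above before it is opened. The sketch below is an added example, not code from Securonix or from the campaign; it assumes the attachment is an OOXML (.docx) package and that the reference is stored as an external relationship in one of the package's .rels parts, and the sample document and its URLs are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_PART = 1_000_000  # skip oversized .rels parts (decompression-bomb guard)

def find_external_refs(docx_bytes):
    """Return (part, relationship kind, target) for each external reference in the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for info in pkg.infolist():
            if not info.filename.endswith(".rels") or info.file_size > MAX_PART:
                continue
            try:
                # stdlib parser for portability; prefer defusedxml on untrusted mail flows
                root = ET.fromstring(pkg.read(info))
            except ET.ParseError:
                findings.append((info.filename, "unparseable", ""))
                continue
            for rel in root.iter(REL_TAG):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    findings.append((info.filename, kind, rel.get("Target", "")))
    return findings

def remote_templates(docx_bytes):
    """Alert-worthy subset: an attached template that Word would fetch over the network."""
    remote = ("http://", "https://", "\\\\")
    return [f for f in find_external_refs(docx_bytes)
            if f[1] == "attachedTemplate" and f[2].lower().startswith(remote)]

def build_sample(template_target):
    """Constructed sample: only the relationship parts of a .docx, built in memory."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="' + OFFICE_REL + '{}" Target="{}" TargetMode="External"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/settings.xml.rels", rels.format("attachedTemplate", template_target))
        z.writestr("word/_rels/document.xml.rels", rels.format("hyperlink", "https://example.org/"))
    return buf.getvalue()

if __name__ == "__main__":
    for hit in remote_templates(build_sample("http://example.invalid/form.dotm")):
        print("remote template reference:", hit)
```

Ordinary hyperlinks and templates referenced from the local disk are also external relationships, which is why the alerting function narrows the findings to attached templates with a network target.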
The cyber security experts say that Golang is rapidly gaining popularity among cyber thieves.

“We are seeing evidence of this language being adopted by malware developers. It facilitates the development of cross-platform, network-friendly software developed by malware authors,” Barros said.
“It’s interesting because it shows that malware developers follow the same pattern of using development tools according to their ‘needs’ as any other developer.”
The deep-field view of the ancient galaxy captured by Webb’s near-infrared camera (NIRCam) is a composite of images at different wavelengths.
According to NASA, SMACS 0723 has such a strong gravitational pull that it distorts both spacetime and the path that light subsequently takes through it.
The combined mass of this galaxy cluster acts as a gravitational lens and, according to NASA, “magnifies and distorts the light from objects behind them, allowing for a deep field of view into both the extremely distant and intrinsically faint galaxy populations.”
By studying this light, scientists hope to learn about the origins of the cosmos and possibly even glimpse the elusive photons
