Cyber Space: Researchers Reveal Golang Security Surprise In SMACS 0723 Galaxy Cluster Image

Cybersecurity Cyber Space: Researchers Reveal Golang Security Surprise In SMACS 0723 Galaxy Cluster Image Davey Winder Senior Contributor Opinions expressed by Forbes Contributors are their own. Co-founder, Straight Talking Cyber New! Follow this author to stay notified about their latest stories. Got it! Aug 31, 2022, 05:12am EDT | New! Click on the conversation bubble to join the conversation Got it! Share to Facebook Share to Twitter Share to Linkedin Security researchers find malware among the thousands of galaxies in a SMACS 0723 image.

Associated Press In July, NASA’s newest space telescope illuminated thousands of galaxies in a ‘tiny sliver’ of the universe. James Webb’s first deep field image, NASA reported , provides “the most detailed view of the early universe to date. ” The image of galaxy cluster SMACS 0723 is abundantly filled with thousands of galaxies.

Now security researchers have revealed how that image is being used to hide malware among those myriad galaxies. MORE FROM FORBES These Boffins Hid 256-Bit Encryption Key In Ink Molecules Of Handwritten Letter By Davey Winder Hiding malicious Windows executable within a SMACS 0723 image A new security advisory published by the Securonix Threat Labs, and first reported by Bleeping Computer , reveals how a persistent Golang-based attack is using that SMACS 0723 deep field image to hide a malicious Windows executable. Golang is a cross-platform programming language much loved by threat actors.

Securonix is tracking the attack campaign in question as GO#WEBBFUSCATOR. The image, delivered as part of the initial phishing campaign using a malicious Microsoft Office attachment, looks harmless when displayed. However, when the Securonix researchers delved deep inside with a text editor, it turned out to be anything but.

If you want the full technical explanation of what happens next, head to either of the security publication links I’ve previously given. When the Base64 encoded payload, pertaining to be a certificate, is decrypted, it becomes a large, 1. 7Mb, Windows executable.

When this, in turn, is executed, connections to a command-and-control server are made. As of yet, it would appear that the threat actors are using this for initial attack reconnaissance by using arbitrary enumeration commands. Recommended For You 1 iOS 15: Apple Issues 22 Important iPhone Security Updates More stories like this Fewer stories like this 2 Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking More stories like this Fewer stories like this 3 iOS 15 Is Available Now With These Stunning New iPhone Privacy Features More stories like this Fewer stories like this MORE FROM FORBES LastPass Hacked: Password Manager With 25 Million Users Confirms Breach By Davey Winder Attack highlights the dangers of Microsoft Office VBA macros As interesting as this is, especially given how the executable has been obfuscated, it is another example of how Visual Basic Application (VBA) macros can be so dangerous and why they should be blocked.

The good news is that Microsoft has confirmed it will be blocking potentially harmful VBA macros by default in Office . The bad news is that threat actors are ingenious creatures, as the SMACS 0723 image usage demonstrates, and will be sure to find another way to achieve the same goals. Follow me on Twitter or LinkedIn .

Check out my website or some of my other work here . Davey Winder Editorial Standards Print Reprints & Permissions.