This sneaky new malware trick is hiding from antivirus software

Many of us have been fascinated with space exploration since we were children. We can probably blame movies like “Star Wars” for getting us interested at an early age.

But science fiction isn’t our only source of space wonders. We’ve been following NASA and its incredible achievements for decades. The James Webb Space Telescope is a recent marvel we can’t get enough of. The first image sent from the telescope is fantastic! Tap or click for four things you might have missed.

As with most everything good these days, cybercriminals aren’t far behind in taking advantage of its popularity. Keep reading to discover how criminals use James Webb images to spread malware.

Here’s the backstory

Phishing emails are nothing new. That’s when cybercriminals send emails with malicious links or attachments, hoping to trick victims into clicking them. Sometimes they infect your device with malware. Other times, they trick you into handing over personal or banking information.

A new phishing attack discovered by security researchers with Securonix is especially dangerous. That’s because cybercriminals are using malware based on the Golang programming language. It’s more flexible than other programming languages because it works for Windows, Linux and Apple Mac computers.

Not only that, but the new variant has yet to be marked by antivirus software, making it difficult to defend against.

Here’s how the attack works. You’ll receive an email claiming to have breathtaking images attached from the James Webb Space Telescope. If you click the attachment called “Geos-Rates.docx,” that’s where the problems begin. (NOTE: The file name can change at any time. This is just a recent example.)

Instead of seeing space photos, a template file will be downloaded to your device. It’ll look like an Office document, and you’ll be asked to enable macros. But don’t do it! If you do, malware will be installed on your device. Once macros are enabled, the malicious code goes to work.

The malware also connects to a server operated by the thieves. This allows them to change the payload at any time. They can now steal information from your device and use it to infiltrate your online accounts, including banking information. Yikes!

What you can do about it

This tricky phishing campaign plays on everyone’s interest in seeing images from the James Webb Telescope. But don’t fall for it. Now that you know what to look for, stay away from links and attachments in unsolicited emails. And don’t forget to warn your family and friends by sharing this article so they also know what to keep an eye on.

Even though antivirus programs are currently having trouble spotting this malware variant, we recommend having antivirus software on all your devices. It’s the best way to avoid malware. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

Here are more ways to protect against this type of phishing attack:

  • Don’t click on links you receive in unsolicited emails or text messages. They could be malicious and infect your device with malware.
  • Never open Word or Excel files attached to unsolicited emails. If you open one of these documents and it says that you need to enable macros, close the file and delete it immediately.
  • Keep your computer and mobile devices updated to the latest version. Operating system and application updates safeguard you against the latest threats, and it’s your first line of defense against malware.
  • Use two-factor authentication (2FA) whenever it’s available for better security. Tap or click here for details on 2FA.

Keep reading

Free PDF editing software can hide malware – Try this trustworthy option

Malware in the mail: Scammers are sending out fake Microsoft software

Tags: Apple, malware