
Hackers hide malware in images taken by James Webb Space Telescope

Hackers have used the opportunity offered by NASA’s new James Webb telescope to try to spread malware.

NASA’s James Webb Space Telescope has given astronomers a fresh glimpse of the depths of space, revealing new galaxies and nebulae further into the universe than ever before. It’s also giving some unsuspecting email users some hidden malware. 


Researchers from security analytics company Securonix have discovered a malware phishing campaign that has hidden its code in a JPEG of Webb’s First Deep Field.


Phishing emails with a Microsoft Office attachment serve as the entry point for the attack chain. When the attachment is opened, it retrieves an obfuscated VBA macro, which is then auto-executed if the recipient has macros enabled.


Executing the macro downloads an image file, “OxB36F8GEEC634.jpg”, that appears to be an image of the First Deep Field captured by JWST but, when inspected using a text editor, is a Base64-encoded payload.
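A defender can triage a download like this by checking whether a file served as .jpg really starts with JPEG markers and whether it carries long Base64 runs. The sketch below is an added example, not code from Securonix or OmniCyber Security; the function name, the 200-character threshold and the sample bytes are assumptions constructed for illustration.

```python
import base64
import re

SOI, EOI = b"\xff\xd8", b"\xff\xd9"   # JPEG start/end-of-image markers
# 200+ Base64 characters in a row (line breaks allowed). Threshold is an assumption.
B64_RUN = re.compile(
    rb"(?:[A-Za-z0-9+/]{4}[\r\n]*){50,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"
)

def triage_jpeg(data: bytes) -> dict:
    """Flag a file served as .jpg that holds Base64 text instead of, or after, image data."""
    report = {"valid_soi": data.startswith(SOI), "trailing_bytes": 0, "b64_runs": []}
    end = data.rfind(EOI)
    if report["valid_soi"] and end != -1:
        # Bytes after the last EOI marker are typically ignored by image viewers.
        report["trailing_bytes"] = len(data) - (end + len(EOI))
    for m in B64_RUN.finditer(data):
        blob = re.sub(rb"[\r\n]", b"", m.group(0))
        try:
            decoded = base64.b64decode(blob, validate=True)
        except ValueError:
            continue  # looked like Base64 but does not decode cleanly
        report["b64_runs"].append({
            "offset": m.start(),
            "length": len(blob),
            "magic": decoded[:2].hex(),  # "4d5a" is the MZ header of a Windows executable
        })
    report["suspicious"] = not report["valid_soi"] or bool(report["b64_runs"])
    return report

# Constructed samples (not taken from the campaign): a minimal JPEG-shaped blob
# and a harmless stand-in payload of "MZ" followed by zero bytes.
CLEAN_JPEG = SOI + b"\x00" * 64 + EOI
STAND_IN_B64 = base64.b64encode(b"MZ" + bytes(300))
TEXT_AS_JPG = STAND_IN_B64                        # Base64 text saved with a .jpg name
APPENDED_JPG = CLEAN_JPEG + b"\n" + STAND_IN_B64  # real image with Base64 appended

if __name__ == "__main__":
    for name, sample in [("clean", CLEAN_JPEG), ("text", TEXT_AS_JPG), ("appended", APPENDED_JPG)]:
        print(name, triage_jpeg(sample))
```

The same check can run on proxy or mail-gateway captures of image downloads, with the threshold tuned against known-good images to keep false positives down.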


Macros are disabled by default in recent versions of Microsoft Office, but malware authors are now attempting to scare users into enabling macros by displaying false warnings when a malicious document is opened.


Here is how OmniCyber Security can help to mitigate the risk of these kinds of attack to your business:


1. Use OmniCyber Security to prevent communication to identifiable malicious IPs and Domains by creating a list within the DNS Blocking and Defined Networks policy.


2. Education – People and Policy. People: Cyber Awareness Training to build your Human Firewall. Policy: are you ISO compliant to meet the new FCO regulations coming forward next year?


3. User-defined Access Protection and Multi-Factor Authentication rules to allow you to block the execution of malware.


4. Have at least one scheduled Vulnerability Management assessment to run daily.


5. Application Security – Breaches via web apps doubled last year. With the average employee switching between 35 job-critical apps more than 1,100 times a day, appsec must be a focus.


Contact OmniCyber Security for on-demand cyber risk exposure assessments to help ensure that your systems are clear from malware.



As an aside, in terms of IDR, 3.5 million cybersecurity jobs are going unfilled this year. Getting those false positives down will keep your workload under control.


Stephen Fowler, Director of Technologies

 Stephen writes about the human element in Cyber security. If you would like to talk about your own cyber security needs, please email him at

