Golang Attack Campaign

Securonix identified a persistent Golang-based attack that's being tracked as GO#WEBBFUSCATOR. The new attack  leverages interest in images taken by the James Webb telescope, and uses Golang programming language payloads to infect PCs with malware.

Golang languages work in Windows, Linux and Apple Mac, so all at risk.  Infection begins with a phishing email containing a Microsoft Office attachment supposedly about the telescope's images, named Geos-Rates.docx (but subject to change).

The doc has a hidden reference which downloads a malicious template when the doc is opened that starts the attack if macros are currently enabled in Office, or are enabled by the user when prompted by the malware.

Antivirus programs are currently having trouble spotting this malware so be careful!

Read the story at Securonix...