Malware makers now hiding payloads in WAV files

Posted on Sunday, October 20 2019 @ 17:56 CEST by Thomas De Maesschalck
Security researchers report they've now seen two cases in which malware creators used WAV audio files to hide malware in plain sight. These files can't be used to infect systems because they aren't executable; they're merely used as a transfer method. Previously, this steganography method was limited to image files like PNG and JPEG.

By hiding malicious code in these files, malware creators can bypass security tools that whitelist non-executable file formats like multimedia files:
But while the Symantec report described a nation-state cyber-espionage operation, Cylance said they saw the WAV steganography technique being abused in a run-of-the-mill crypto-mining malware operation.

Cylance said this particular threat actor was hiding DLLs inside WAV audio files. Malware already present on the infected host would download and read the WAV file, extract the DLL bit by bit, and then run it, installing a cryptocurrency miner application named XMRrig.
Full details at ZDNet.
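
A defender-side check for the technique described above, added here as an example and not taken from the Symantec or Cylance reports: it rebuilds the byte stream carried in the least-significant bits of a WAV's 16-bit samples and flags the file when that stream begins with a PE header. The LSB, MSB-first layout and every name and fixture below are assumptions; the article only says the DLL was extracted "bit by bit".

```python
import io
import struct
import wave

def lsb_bytes(wav_bytes, count):
    """Rebuild `count` bytes from the sample LSBs, 8 samples per byte, MSB first."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        if w.getsampwidth() != 2:
            raise ValueError("this sketch only handles 16-bit PCM")
        raw = w.readframes(count * 8)
    samples = struct.unpack("<%dh" % (len(raw) // 2), raw)
    out = bytearray()
    for i in range(0, len(samples) - 7, 8):
        byte = 0
        for s in samples[i:i + 8]:
            byte = (byte << 1) | (s & 1)
        out.append(byte)
    return bytes(out[:count])

def hides_pe(wav_bytes):
    """True if the LSB stream starts with MZ and e_lfanew points at the PE signature."""
    head = lsb_bytes(wav_bytes, 0x40)
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]
    if e_lfanew > 0x1000:  # implausible offset, treat as noise
        return False
    return lsb_bytes(wav_bytes, e_lfanew + 4)[e_lfanew:] == b"PE\0\0"

def make_wav(samples):
    """Pack 16-bit mono samples into an in-memory WAV (fixture helper)."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(8000)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return buf.getvalue()

# Constructed fixtures: a plain ramp, and the same ramp whose LSBs carry a
# 68-byte dummy header (MZ, e_lfanew=0x40, PE signature), not a real DLL.
RAMP = [(i * 37) % 2000 - 1000 for i in range(1024)]
STUB = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"
BITS = [(b >> k) & 1 for b in STUB for k in range(7, -1, -1)]
CLEAN_WAV = make_wav(RAMP)
MARKED_WAV = make_wav([(s & ~1) | bit for s, bit in zip(RAMP, BITS)] + RAMP[len(BITS):])

if __name__ == "__main__":
    print("clean :", hides_pe(CLEAN_WAV))
    print("marked:", hides_pe(MARKED_WAV))
```

A check like this only covers the one encoding it assumes, so a miss does not clear a file; it is most useful for triaging media that a host fetched from an unexpected source.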
