To achieve this, an attacker needs to get malware on the target system. Once you can execute arbitrary code on the PC, you can manipulate the internal switching frequency of the power supply to generate soundwaves via the device's capacitors and transformers.
These soundwaves can then be recorded via a nearby device, like an Android smartphone. The researchers say that at a distance of 2.5 meters, it's possible to exfiltrate data at a maximum bit rate of 50 bits per second. So stealing as little as one megabyte of data will require about 48 hours of spy work.
"The POWER-SUPPLaY code can operate from an ordinary user-mode process and doesn't need hardware access or root-privileges," the researcher concluded. "This proposed method doesn't invoke special system calls or access hardware resources, and hence is highly evasive."The main concern here seems to be a supply chain attack aimed at very high value targets. More at at The Hacker News.