Attackers are growing not only in numbers but also in the sophistication of their methods.
A malware campaign reported by BlackBerry Cylance this month uses WAV audio files to hide malicious code, a textbook example of steganography.
Steganography at work
Steganography is a technique attackers use to hide malicious code or files inside an ordinary-looking file. Because the carrier is a valid file in a common, trusted format, it can pass firewalls and file-scanning controls that decide on file type and never look for data hidden inside the content.
The technique has been popular in malware campaigns for years, but until recently it mostly involved image formats such as PNG and JPEG.
Crypto miners behind WAV audio files
In this case, the attackers use ordinary-looking WAV audio files to hide and drop backdoors and the XMRig cryptocurrency miner. According to the report, each WAV file is paired with a loader component that decodes and executes the malicious content woven through the file's audio data.
The researchers recovered both XMRig and Metasploit payloads from infected machines, indicating that victims' computers were used for cryptocurrency mining and for establishing a reverse connection to the attackers' command-and-control infrastructure.
Josh Lemos, VP of Research and Intelligence at BlackBerry Cylance, told ZDNet that this is the first time crypto-mining malware has been observed being delivered with the help of steganography. Attackers have, however, previously used audio files to conceal malware.
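As an added illustration, and not code from the Cylance report or from the campaign's loaders, the following Python script shows the mechanics the loader description above implies: a payload is written into the least-significant bits of 16-bit PCM audio, the resulting bytes are a perfectly valid WAV file, and a loader-style routine recovers the payload before it would be decoded and run. It also applies a crude steganalysis check on the LSB plane. LSB embedding is assumed here as one common audio steganography method; the carrier tone, the payload bytes (a pseudo-random blob standing in for an encoded loader or miner), the 4-byte length header and all function names are constructed for this example.

```python
"""LSB steganography in 16-bit mono WAV audio, plus a crude LSB-plane check.
Illustrative example only; carrier, payload and framing are all constructed."""
import io
import math
import random
import struct
import wave
import zlib

SAMPLE_RATE = 8000


def make_tone(n_samples, freq=440):
    """Constructed carrier: a 440 Hz sine as signed 16-bit samples.
    The phase is reduced modulo the sample rate so the tone is exactly periodic."""
    return [int(12000 * math.sin(2 * math.pi * ((freq * i) % SAMPLE_RATE) / SAMPLE_RATE))
            for i in range(n_samples)]


def samples_to_wav(samples):
    """Serialise samples as a real RIFF/WAVE byte string, i.e. what would sit on disk."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(SAMPLE_RATE)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return buf.getvalue()


def wav_to_samples(data):
    """Parse a WAV byte string back into a list of signed 16-bit samples."""
    with wave.open(io.BytesIO(data), "rb") as w:
        if w.getsampwidth() != 2 or w.getnchannels() != 1:
            raise ValueError("expected 16-bit mono PCM")
        frames = w.readframes(w.getnframes())
    return list(struct.unpack("<%dh" % (len(frames) // 2), frames))


def embed(samples, payload):
    """Hide a length-prefixed payload in the sample LSBs, one bit per sample,
    most-significant bit first. Each sample moves by at most one quantisation
    step, so the audio still plays and sounds unchanged."""
    msg = struct.pack("<I", len(payload)) + payload          # constructed framing
    bits = [(b >> (7 - k)) & 1 for b in msg for k in range(8)]
    if len(bits) > len(samples):
        raise ValueError("carrier too small for payload")
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit
    return out


def lsb_plane(samples):
    """Pack every sample's LSB into bytes, MSB first (the inverse of embed)."""
    out = bytearray()
    for i in range(0, len(samples) - len(samples) % 8, 8):
        v = 0
        for k in range(8):
            v = (v << 1) | (samples[i + k] & 1)
        out.append(v)
    return bytes(out)


def extract(samples):
    """Recover the hidden payload, as a loader would before decoding and running it."""
    plane = lsb_plane(samples)
    (length,) = struct.unpack("<I", plane[:4])
    if length > len(plane) - 4:
        raise ValueError("length header exceeds carrier; not a stego file in this framing")
    return plane[4:4 + length]


def max_lsb_randomness(samples, window=256):
    """Crude steganalysis heuristic: per-window compressibility of the LSB plane.
    Structured LSBs compress well; an embedded encoded payload does not.
    Returns the highest compressed/raw ratio seen over all windows."""
    plane = lsb_plane(samples)
    worst = 0.0
    for off in range(0, len(plane), window):
        chunk = plane[off:off + window]
        if len(chunk) < window // 2:      # ignore a tiny tail where zlib overhead dominates
            continue
        worst = max(worst, len(zlib.compress(chunk, 9)) / len(chunk))
    return worst


# Constructed payload: pseudo-random bytes standing in for an encoded loader/miner blob,
# which looks random in the LSB plane just as a real encoded payload would.
_rng = random.Random(1234)
PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(300))


def demo():
    """Embed, serialise to WAV, parse back, recover, and score clean vs. stego audio."""
    clean = make_tone(16000)                         # 2 seconds of carrier
    stego_wav = samples_to_wav(embed(clean, PAYLOAD))  # bytes that would be served as audio
    stego = wav_to_samples(stego_wav)
    recovered = extract(stego)
    return recovered == PAYLOAD, max_lsb_randomness(clean), max_lsb_randomness(stego)


if __name__ == "__main__":
    ok, clean_score, stego_score = demo()
    print("payload recovered:", ok)
    print("clean LSB score: %.2f  stego LSB score: %.2f" % (clean_score, stego_score))
```

The compressibility check separates the two files here only because the synthetic tone has a periodic LSB plane; real recordings have noisy LSBs, so a production steganalysis would need proper statistical tests. That is the practical lesson of the campaign: the WAV file itself is a poor detection target, while the loader that parses it and the XMRig or reverse-shell activity that follows are not.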
The first incident happened in June
Abusing WAV files to deliver malware was first observed in an incident back in June.
Waterbug, also known as Turla, a Russian cyber-espionage group, was found using WAV audio files to transfer malicious files from its servers to already infected computers.
Cylance notes that attributing this month's attacks to Turla is difficult, since the required tooling is available to any threat actor.
Steganography is hard to defend against precisely because it abuses well-known, legitimate file formats: the carrier file is valid and looks benign. The hidden data is inert until a loader decodes and executes it, so detection efforts are better spent on the loader and on the behaviour that follows (a process that starts mining or opens a reverse connection) than on the audio file itself. On your end, avoid downloading audio files from suspicious websites.