Technology sites Mashable and ZDNet, recently reported on a rising trend among hackers to conceal malware or spyware within WAV audio files that are favorites among fans of high-fidelity music, as they are originally designed to produce the highest quality sound coming out of your computer.
There were two recent reports of this widespread use of WAV files to try to infect the computers of the users with malware or, as Mashable notes, “to carry out crypto mining as well as establish a reverse connection to enable command and control.”
The first such report was done by Symantec back in June 2019, stating that, “a Russian cyber-espionage group known as Waterbug (or Turla) using WAV files to hide and transfer malicious code from their server to already-infected victims.” The second report by Cylance came out in October and it says that “hackers used a method called steganography that involves concealing a message, file, or video with another file, also known as ‘obfuscated malicious code.’”
Cylance researchers said that, “attackers are creative in their approach to executing code, including the use of multiple files of different file formats. We discovered several loaders in the wild that extract and execute malicious code from WAV audio files.” Some of the WAV files produced music with no evident glitches whereas others only produced static white noise.
The key problem for end-users of WAV files is that the malicious code is very hard to discover if you are not an expert and ‘everything seems to be playing as it should’. But, will it stop them from downloading and using WAV files? They do sound good…