.WAVs Hide Malware in Their Depths in Innovative Campaign

silversurfer

Audio .WAV files are the latest hiding place for obfuscated malicious code; a campaign has been spotted in which malicious content was secretly woven throughout the file’s audio data.
The embedded code consists of one of three different loader components for decoding and executing malware, according to BlackBerry Cylance threat researchers. Users are likely none the wiser: When played, the WAV files either produce music that has no discernible quality issues or glitches, or, in some cases, simply generate static white noise.
Two payloads were found being delivered in the campaign: An XMRig/Monero CPU cryptominer and Metasploit code used to establish a reverse shell.
This suggests “a two-pronged campaign to deploy malware for financial gain and establish remote access within the victim network,” the researchers noted in an analysis released on Wednesday.
The .WAV files can be delivered in any number of ways, ranging from spam or targeted emails to downloads from the web masquerading as pirated content.
 

Andy Ful

The payload can be hidden in any file. The only thing that is required is the loader that can read the proper part of the file, decrypt (deobfuscate) the malicious code, and execute it. The loader does not do anything malicious. The malicious code that is hidden in the file as an encrypted (obfuscated) sequence of bytes is hard to detect. So, if the loader is new, then such malware will hardly be detected by pre-execution methods. The malware can be detected by post-execution behavior. The proper classification usually requires analyzing the sample by detonating it in the sandbox. This can take some time (from several minutes to some hours).
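
Added example, not part of either post above and not code from the researchers: a pre-execution triage heuristic for the "static white noise" case, which walks the RIFF chunks of a WAV file and reports windows of the audio data whose byte entropy looks like encrypted content. The function names, the 4096-byte window, the 7.9 bits/byte threshold and the sample file are all assumptions made for illustration; a hit is a reason to send the file for closer analysis, not a verdict.

```python
import io, math, random, struct, wave
from collections import Counter

def riff_chunks(blob):
    """Yield (chunk_id, payload) for each chunk in a RIFF/WAVE byte string."""
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    pos = 12
    while pos + 8 <= len(blob):
        cid, size = struct.unpack_from("<4sI", blob, pos)
        yield cid, blob[pos + 8 : pos + 8 + size]
        pos += 8 + size + (size & 1)  # chunks are padded to an even length

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_windows(blob, window=4096, threshold=7.9):
    """Return (offset, entropy) for each full window of the data chunk whose
    byte entropy reaches the threshold (both defaults are assumed values)."""
    hits = []
    for cid, payload in riff_chunks(blob):
        if cid != b"data":
            continue
        for off in range(0, len(payload) - window + 1, window):
            h = entropy(payload[off : off + window])
            if h >= threshold:
                hits.append((off, round(h, 3)))
    return hits

def build_sample():
    """Constructed input: a quiet 16-bit tone followed by random bytes that
    stand in for an encrypted region. Not taken from any real sample."""
    tone = b"".join(struct.pack("<h", int(1000 * math.sin(i / 10)))
                    for i in range(8192))
    rng = random.Random(0)
    noise = bytes(rng.getrandbits(8) for _ in range(8192))
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(44100)
        w.writeframes(tone + noise)
    return buf.getvalue()

if __name__ == "__main__":
    for off, h in high_entropy_windows(build_sample()):
        print(f"data chunk offset {off}: {h} bits/byte")
```

On the constructed sample only the two windows holding the random bytes are reported; the tone windows stay well under the threshold.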
 
