Audio .WAV files are the latest hiding place for obfuscated malicious code; a campaign has been spotted in which malicious content was secretly woven throughout the file’s audio data.
The embedded code consists of one of three different loader components for decoding and executing malware, according to BlackBerry Cylance threat researchers. Users are likely none the wiser: When played, the WAV files either produce music that has no discernible quality issues or glitches, or, in some cases, simply generate static white noise.
Two payloads were found being delivered in the campaign: an XMRig/Monero CPU cryptominer and Metasploit code used to establish a reverse shell.
This suggests “a two-pronged campaign to deploy malware for financial gain and establish remote access within the victim network,” the researchers noted in an analysis released on Wednesday.
The .WAV files can be delivered in any number of ways, ranging from spam or targeted emails to downloads from the web masquerading as pirated content.