Beware of what you hear, new malware hidden in audio files

Steganography is the study and application of techniques for hiding messages or objects inside others, called carriers, so that they can be sent without the fact being noticed.

Cybercriminals use digital steganography to keep the malware or viruses they send to infect machines and devices from being detected by security systems.

The health, public administration and education sectors are the main targets for cybercriminals.

Malware developers began experimenting with various techniques for dodging security products in the 80s, when a copy of malware defended itself by partially encrypting its own code, making its content illegible to security analysts.

The term "evasion techniques" encompasses all methods used by malware to prevent detection, analysis and understanding.

BlackBerry Cylance security researchers have discovered a new malware campaign that is taking advantage of these steganography techniques to hide malicious code in WAV files.

When the audio file is played, whether it is music, white noise or any other recording, the malicious content is executed, secretly injecting the data.

Steganography has been used for years as a vehicle to bypass security measures: by hiding malicious code in non-executable files such as PNG or JPEG images, malware can be transferred without being noticed by security solutions.

The campaign detected by Cylance is being used in a cryptocurrency mining operation of the kind that is so common these days.

Cybercriminals hide DLLs inside WAV files. When a computer already infected with malware downloads and plays the WAV file, it extracts the DLL bit by bit, then executes it and installs a cryptominer called XMRig.
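A defender-side check for the hiding scheme described above, as an added example that is not code from Cylance's research or from this page. It assumes 16-bit PCM audio and a payload stored in the least significant bit of each sample, most significant bit first (the page only says "bit by bit"); the function names and the sample data are constructed for illustration.

```python
import io, struct, wave

def lsb_plane(wav_bytes, max_bytes=4096):
    """Rebuild bytes from the lowest bit of each 16-bit sample, MSB first (assumed layout)."""
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        if w.getsampwidth() != 2:
            raise ValueError("this sketch handles 16-bit PCM only")
        raw = w.readframes(min(w.getnframes(), max_bytes * 8))
    samples = struct.unpack("<%dh" % (len(raw) // 2), raw)
    out = bytearray()
    for i in range(0, len(samples) - 7, 8):
        byte = 0
        for s in samples[i:i + 8]:
            byte = (byte << 1) | (s & 1)
        out.append(byte)
    return bytes(out)

def looks_like_pe(data):
    """True if data starts with an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def trailing_bytes(wav_bytes):
    """Number of bytes present after the end of the declared RIFF container."""
    declared = struct.unpack_from("<I", wav_bytes, 4)[0] + 8
    return max(0, len(wav_bytes) - declared)

def scan(wav_bytes):
    findings = []
    if looks_like_pe(lsb_plane(wav_bytes)):
        findings.append("PE header in sample LSB plane")
    if trailing_bytes(wav_bytes):
        findings.append("data appended after RIFF container")
    return findings

# --- constructed test data (not taken from the campaign) ---
def make_wav(samples):
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setparams((1, 2, 8000, 0, "NONE", "not compressed"))
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return buf.getvalue()
CARRIER = [(i * 37) % 2000 - 1000 for i in range(1024)]
STUB = b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0"  # header bytes only
BITS = [(b >> (7 - k)) & 1 for b in STUB for k in range(8)]
CLEAN = make_wav(CARRIER)
FLAGGED = make_wav([(s & ~1) | bit for s, bit in zip(CARRIER, BITS)] + CARRIER[len(BITS):])
```

A match from `scan` is a reason to pull the file for analysis, not proof of compromise; a payload that is encoded or encrypted before embedding will not show a PE header in the LSB plane.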

However, steganography as such is not the problem, nor are the file formats that are vulnerable to being exploited by it.

The experts' first recommendation remains to prevent the malware infections that serve as the entry point for executing the malicious code in these files.

After all, the host must already have been infected before malware can execute the code hidden in an image or song.
