WAV Audio Files Are Now Being Used To Hide Malicious Code (zdnet.com)
JustAnotherOldGuy quotes ZDNet: Two reports published in the last few months show that malware operators are experimenting with using WAV audio files to hide malicious code.
The first of these new malware campaigns abusing WAV files was reported back in June by Symantec security researchers who said they spotted a Russian cyber-espionage group known as Waterbug (or Turla) using WAV files to hide and transfer malicious code from their server to already-infected victims. The second malware campaign was spotted this month by BlackBerry Cylance. In a report published today and shared with ZDNet last week, Cylance said it saw something similar to what Symantec saw a few months before. But while the Symantec report described a nation-state cyber-espionage operation, Cylance said they saw the WAV steganography technique being abused in a run-of-the-mill crypto-mining malware operation.
Re: (Score:3)
Play the tunes backwards.
Rick Rolled all the way down. (Score:2)
It's simple, each wav file has hidden in it a wav copy of Never Gonna Give you up. And inside that wav copy, there is another Never Gonna Give you up.
Slashdot being used to transmit malware (Score:1, Troll)
Hey, here's a really cool new emoji. Paste this into your terminal and see if you can figure out what the emoji is about. :(){ :|:& };:
Re: (Score:3, Informative)
Re: (Score:2)
The good news is that these days ulimits are set so the fork bomb isn't fatal. Just scary. Booo and happy Halloween.
Not that this is new (Score:5, Insightful)
"The use of stego techniques requires an in-depth understanding of the target file format,"
WAV is pretty much fully documented, so I'm not that surprised. I recall a shareware program about 15 years ago that you could use for steganography, particularly for JPEGs. The use case touted then was to ensure the image hadn't been tampered with in transit, or alternatively, a means of embedding a proof of ownership.
What I am surprised about is that it has taken this long for it to be used as a means of transmitting an alternative payload that is for an illicit purpose, and I'm guessing this had been going on for a long time before anybody reported on it.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2, Informative)
What TFA is calling steganography isn't steganography at all. This technique is merely embedding binary files inside the metadata blocks of file formats that support them, e.g. jfif, jpeg, mkv, mp3, mp4, tiff, wav and many others allow this.
It relies on router/firewalls not doing proper deep packet inspection, instead blindly allowing content through if it has an audio/*, image/* or video/* MIME type.
80s Microcomputers (Score:2)
Wav goodbye (Score:2)