Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security

WAV Audio Files Are Now Being Used To Hide Malicious Code (zdnet.com) 16

Posted by EditorDavid from the steganography dept.
JustAnotherOldGuy quotes ZDNet: Two reports published in the last few months show that malware operators are experimenting with using WAV audio files to hide malicious code.

The first of these new malware campaigns abusing WAV files was reported back in June by Symantec security researchers who said they spotted a Russian cyber-espionage group known as Waterbug (or Turla) using WAV files to hide and transfer malicious code from their server to already-infected victims. The second malware campaign was spotted this month by BlackBerry Cylance. In a report published today and shared with ZDNet last week, Cylance said it saw something similar to what Symantec saw a few months before. But while the Symantec report described a nation-state cyber-espionage operation, Cylance said they saw the WAV steganography technique being abused in a run-of-the-mill crypto-mining malware operation.
This discussion has been archived. No new comments can be posted.

WAV Audio Files Are Now Being Used To Hide Malicious Code More

WAV Audio Files Are Now Being Used To Hide Malicious Code

Comments Filter:

  • It's simple, each wav file has hidden in it a wav copy of Never Gonna Give you up. And inside that wav copy, there is another Never Gonna Give you up.

    • Hey, here's a really cool new emoji. Paste this into your terminal and see if you can figure out what the emoji is about. :(){ :|:& };:

      • Re: (Score:3, Informative)

        by sew3521 ( 1037710 )
        I have not stumbled upon the old fork bomb in the comment section joke in a while. Made me smile but just a warning to anyone out there that does not know what this does DO NOT RUN THIS. Google "Fork Bomb" to learn more about this command.

        • the good news is that these days utlimits are set so the fork bomb isn't fatal. Just scary. Booo and happy halloween.

  • Not that this is new (Score:5, Insightful)

    by mrbester ( 200927 ) on Sunday October 20, 2019 @05:00PM (#59328876) Homepage

    "The use of stego techniques requires an in-depth understanding of the target file format,"

    WAV is pretty much fully documented, so I'm not that surprised. I recall a shareware program about 15 years ago that you could use for steganography, particularly for JPEGs. The use case touted then was to ensure the image hadn't been tampered with in transit, or alternatively, a means of embedding a proof of ownership.

    What I am surprised about is that it has taken this long for it to be used as a means of transmitting an alternative payload that is for an illicit purpose, and I'm guessing this had been going on for a long time before anybody reported on it.

    • Have audio files not had watermarks embedded in them before? I thought MySpace used to do that with music uploaded to it.

      • Re: (Score:2)

        by Luthair ( 847766 )
        I believe a couple companies have been selling software which can hide a low bitrate signal that amazingly can survive transcoding.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      What TFA is calling stenography isn't stenography at all. This technique is merely embedding binary files inside the metadata blocks of file formats that support them. e.g.: jfif, jpeg, mkv, mp3, mp4, tiff, wav and many others allow this.

      It relies on router/firewalls not doing proper deep packet inspection, instead blindly allowing content through if it has an audio/*, image/* or video/* MIME type.

  • In the 1980s a lot of software was run off audio cassettes and of course dial-up modems transmitted data as audio over the phone lines. Audio has been a way of transmitting data in computing for quite some time.
  • Sounds like might be Time to wav goodbye;?

Slashdot Top Deals

Keep up the good work! But please don't ask me to help.

Close