How cyber criminals hide malware in .WAV files

Hackers now have to be much sneakier when attacking. Sometimes they hide malware inside another, seemingly innocuous file. This technique is called steganography.

Hackers have developed tricks to bring their malware payloads onto people's systems. A Trojan is a program that looks like it is doing something beneficial, but actually contains something dark.

The first documented cases of malware hidden in WAV files were reported recently.

What is steganography?

Steganography is an umbrella term for hiding one piece of data inside another. It is not a recently coined malware term: the practice dates back to about 440 BC!

Steganography is a little different from encryption. With encryption, the message is obfuscated and the recipient must unravel it before being able to read it. Steganographic data is not necessarily encrypted, but it is hidden inside another piece of data.

Malware developers have used this ancient technique to sneak files past a computer's security layers. Antivirus software tends to be lax with file types that are not associated with viruses, so malware developers have hidden malware inside these files.

Normally, the file is not used to infect the system, because it is difficult to run a program hidden in a file without assistance. Instead, it is often used by viruses that have already infected a computer. The virus can download these seemingly harmless files to get instructions or executables without triggering antivirus warnings.

Viruses hidden in images have been seen before, but the first use of the popular WAV file format as a distribution method was documented only recently.

How does WAV Steganography work?

This new method of attack has been reported twice this year. In June, there was a report on how a Russian gang called Waterorms used WAV-based steganography to attack government officials. Then another report came out earlier this month saying the strategy was used again. This time, the files are no longer aimed at officials but are used to mine a cryptocurrency called Monero.

In these attacks, the malware downloads executable files, DLL files and backdoors hidden inside WAV files. Once a WAV file is downloaded, the malware digs through its data to find the hidden file. When it is found, the malware executes the code.
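The article does not say how the payload is encoded inside the audio, so the following added example (not from the original article or from any vendor's tooling) shows only what a defender can check cheaply on a downloaded WAV: bytes appended past the declared RIFF length, an unencoded Windows executable header inside any chunk, and audio data that looks like random bytes. The function names, the 7.9 bits/byte and 4096-byte thresholds, and the sample inputs are assumptions made for this illustration; a payload spread across individual sample bits would show no PE header.

```python
import math, re, struct
from collections import Counter

def parse_riff(buf):
    """Return ([(chunk_id, payload)], bytes found past the declared RIFF length)."""
    if len(buf) < 12 or buf[:4] != b"RIFF" or buf[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    declared_end = 8 + struct.unpack_from("<I", buf, 4)[0]
    end, pos, chunks = min(declared_end, len(buf)), 12, []
    while pos + 8 <= end:
        cid, size = struct.unpack_from("<4sI", buf, pos)
        chunks.append((cid, buf[pos + 8:min(pos + 8 + size, end)]))
        pos += 8 + size + (size & 1)  # chunks are padded to an even length
    return chunks, buf[declared_end:]

def entropy(data):
    """Shannon entropy in bits per byte; values near 8.0 look like random data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def has_pe(data):
    """True if an 'MZ' header's e_lfanew field (offset 0x3C) points at a PE signature."""
    for m in re.finditer(b"MZ", data):
        i = m.start()
        if i + 0x40 <= len(data):
            off = struct.unpack_from("<I", data, i + 0x3C)[0]
            if data[i + off:i + off + 4] == b"PE\0\0":
                return True
    return False

def triage(buf):
    chunks, trailing = parse_riff(buf)
    findings = ["bytes after declared RIFF length"] if trailing else []
    for cid, payload in chunks + [(b"<trailing>", trailing)]:
        if has_pe(payload):
            findings.append("PE header in " + cid.decode("ascii", "replace"))
        # Heuristic thresholds (assumption): PCM audio rarely looks fully random.
        if cid == b"data" and len(payload) >= 4096 and entropy(payload) > 7.9:
            findings.append("data chunk entropy near 8 bits/byte")
    return findings

def make_wav(data, trailing=b""):  # builds the constructed samples below
    fmt = struct.pack("<4sIHHIIHH", b"fmt ", 16, 1, 1, 8000, 16000, 2, 16)
    body = b"WAVE" + fmt + struct.pack("<4sI", b"data", len(data)) + data
    return b"RIFF" + struct.pack("<I", len(body)) + body + trailing

# Constructed inputs: a sine tone and a minimal fake PE stub (not real malware).
TONE = b"".join(struct.pack("<h", int(8000 * math.sin(i / 5))) for i in range(4000))
STUB = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
print(triage(make_wav(TONE)), triage(make_wav(TONE[:100] + STUB + TONE[100:])))
```

An empty list means only that none of these three checks fired, not that the file is clean.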

How to prevent WAV Steganography attacks?

Before you begin to suspect your album collection, remember that WAV steganography is used by malware that is already present on a system. It is not used as an initial infection method but as a way for existing malware to further establish itself on a system. As such, the best way to avoid these sneaky attacks is to prevent the initial penetration.

This means following the golden rules of network security: install good antivirus software, don't download suspicious files, and keep everything up to date. This is enough to keep cryptomining malware (malware that uses available system resources to mine virtual currency) and any suspicious audio files it downloads off your computer!

Steganography is nothing new, even in the cybersecurity world. However, the use of WAV files to sneak DLLs and backdoors to malware is worth noting. Now you know what steganography is and how a virus uses it to sneak files past an antivirus program.

Does this new method in malware make you nervous? Let everyone know in the comments below!

Update 29 October 2019