Security researchers with BlackBerry Cylance have spotted a new, sophisticated campaign that spreads cryptojacking malware and a backdoor via .WAV audio files. The malware is embedded in the audio data and loaded when an infected file is played. Some of the malicious audio samples played music without glitches, while others played white noise. In either case, users are unlikely to realize they are dealing with malware in disguise.
The cryptojacking malware uses CPU resources on the infected device to mine for Monero cryptocurrency, while the backdoor establishes a connection to the attacker’s computer. The researchers state that this suggests “a two-pronged campaign to deploy malware for financial gain and establish remote access within the victim network.” The malicious .WAV files can be distributed via email, web downloads, torrent sites and various other methods. The researchers also warn that the techniques used to hide the malware “demonstrate that executable content could theoretically be hidden within any file type, provided the attacker does not corrupt the structure and processing of the container format.”
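A triage sketch for defenders, added here as an example and not taken from the BlackBerry Cylance research: it walks the RIFF/WAVE container, flags bytes appended past the declared RIFF size, and flags a `data` chunk whose byte entropy is close to random, as white-noise-like content would be. The finding names, the 7.9 bits/byte threshold and the sample generators are assumptions made for illustration.

```python
import math
import random
import struct
from collections import Counter

def riff_chunks(blob):
    """Return [(chunk_id, payload)] for a RIFF/WAVE file, or raise ValueError."""
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    end = min(len(blob), 8 + struct.unpack_from("<I", blob, 4)[0])
    chunks, pos = [], 12
    while pos + 8 <= end:
        cid, size = struct.unpack_from("<4sI", blob, pos)
        chunks.append((cid, blob[pos + 8:pos + 8 + size]))
        pos += 8 + size + (size & 1)  # chunks are padded to an even length
    return chunks

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return 0.0 - sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_wav(blob, threshold=7.9):
    """Return a list of findings; an empty list means nothing stood out."""
    chunks = dict(riff_chunks(blob))
    declared = 8 + struct.unpack_from("<I", blob, 4)[0]
    findings = []
    if len(blob) > declared:  # bytes a player ignores but a loader could read
        findings.append("trailing-data")
    if entropy(chunks.get(b"data", b"")) >= threshold:  # assumed heuristic cut-off
        findings.append("high-entropy-data")
    return findings

def make_wav(pcm, rate=8000):
    """Constructed sample: wrap 16-bit mono PCM bytes in a minimal WAV file."""
    fmt = struct.pack("<HHIIHH", 1, 1, rate, rate * 2, 2, 16)
    body = b"WAVE" + b"fmt " + struct.pack("<I", len(fmt)) + fmt
    body += b"data" + struct.pack("<I", len(pcm)) + pcm
    return b"RIFF" + struct.pack("<I", len(body)) + body

def tone(n=32768, rate=8000, freq=440, amp=3000):
    """Constructed sample: a plain sine tone as 16-bit PCM."""
    step = 2 * math.pi * freq / rate
    return struct.pack(f"<{n}h", *(int(amp * math.sin(i * step)) for i in range(n)))

def noise(n=65536, seed=1):
    """Constructed sample: seeded pseudo-random bytes standing in for packed content."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))
```

High entropy alone is a triage signal rather than a verdict, since loud or heavily processed legitimate audio can also score high; use it to decide which files deserve closer inspection.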
Read more: .WAVs Hide Malware in Their Depths in Innovative Campaign