By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Two reports published in the last few months show that malware operators are experimenting with using WAV audio files to hide malicious code. The technique is known as steganography -- the art of hiding information in plain sight, in another data medium. In the software field, steganography -- also referred to as stego -- is used to describe the process of hiding files or text in another file, of a different format. For example, hiding plain text inside an image's binary format. Using steganography has been popular with malware operators for more than a decade. Malware authors don't use steganography to breach or infect systems, but rather as a transfer method. Steganography allows files hiding malicious code to bypass security software that whitelists non-executable file formats (such as multimedia files). All previous instances where malware used steganography revolved around using image file formats, such as PNG or JEPG. The novelty in the two recently-published reports is the use of WAV audio files, not seen abused in malware operations until this year. The first of these two new malware campaigns abusing WAV files was reported back in June. Symantec security researchers said they spotted a Russian cyber-espionage group known as Waterbug (or Turla) using WAV files to hide and transfer malicious code from their server to already-infected victims. The second malware campaign was spotted this month by BlackBerry Cylance. In a report published today and shared with ZDNet last week, Cylance said it saw something similar to what Symantec saw a few months before. But while the Symantec report described a nation-state cyber-espionage operation, Cylance said they saw the WAV steganography technique being abused in a run-of-the-mill crypto-mining malware operation. Further details are posted on OUR FORUM.

 

Translate