Cyber ​​criminals use .wav files to hack computers

Cyber ​​criminals use .wav files to hack computers

After the images, it's the turn of the audio files to be used to infect the computers. That's what BlackBerry researchers discovered. So beware of WAV files shared or received by email.

Image by Pete Linforth from Pixabay

A new type of malware has recently been discovered by researchers at BlackBerry. Groups now use WAV files to hide code that contains cryptocurrency mining programs.

The attacks are carried out thanks to steganography, or the art of concealing code in apparently harmless files. The technique was already well known with .jpeg files, in which it is possible to hide data without altering the quality of the displayed image. It's the same technique that was used in this case, but with audio files in .wav format.

A two-stage infection

The infection is divided into two parts. Computers must first be infected by a first malware, whose only function is to extract the code hidden in WAV files, which allows it to pass more easily unnoticed. By opening a WAV file, received for example by e-mail, the infected machine retrieves the hidden code that allows it to create a mining program of the cryptocurrency Monero.

There are several variants of the malware that decodes steganography, and some of the WAV files contain only static noise, while others contain music that has no distortion due to the extra code. The researchers said this is the first time that WAV files have been used to install a cryptocurrency mining program. This shows an evolution of these criminal groups in the degree of sophistication.