Even with constantly updated protection systems and antivirus software, it is not always easy to recognize the malicious nature of the threats circulating on the Net. What Cylance discovered and disclosed today adds another level of concern for those who fear malware: it now hides even inside audio files.
The malware is hidden in WAV audio files
What at first glance looks like a normal WAV file, much like a voice recording or a song, can actually conceal a danger inside. The method used is steganography, an obfuscation technique we have already written about on these pages in the past, in connection with the malicious code present in some memes circulated on Twitter. These are the words of the researchers.
Adopting this strategy introduces an additional level of obfuscation because the hidden code is only revealed in memory, making its identification more complex.
The offending files are distributed via email and, when opened on the victim's computer, start mining the Monero cryptocurrency by running the XMRig Monero CPU utility and exploiting the machine's resources. It must be emphasized that a technique of this type had already been used in the past by groups like Turla (or Uroboros) to carry out attacks against institutional targets. However, this is the first time that it has been deployed on a wider scale with the aim of running a cryptomining campaign.
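A defender's triage sketch for the WAV carriers described above, added here as an example and not taken from Cylance's research: it walks the RIFF chunks and flags a data chunk whose byte entropy is close to 8 bits per byte, or bytes appended after the declared RIFF size. The page does not say how the payload is embedded, so the whole-chunk case, the 7.9 threshold, the function names and the sample files are assumptions constructed for illustration; a payload spread across the least-significant bits of the samples would not trip this check.

```python
import hashlib
import math
import struct
from collections import Counter

def riff_chunks(blob):
    """Yield (chunk_id, payload) for each chunk in a RIFF/WAVE file."""
    if blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    pos = 12
    while pos + 8 <= len(blob):
        cid, size = struct.unpack_from("<4sI", blob, pos)
        yield cid, blob[pos + 8:pos + 8 + size]
        pos += 8 + size + (size & 1)  # chunks are padded to an even length

def entropy(data):
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    total = len(data)
    if not total:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def triage_wav(blob, threshold=7.9, min_len=4096):
    """Return heuristic findings for one WAV file (empty list: nothing flagged)."""
    chunks = list(riff_chunks(blob))  # raises ValueError if this is not a WAV
    findings = []
    declared = struct.unpack_from("<I", blob, 4)[0] + 8  # size field excludes the 8-byte header
    if len(blob) > declared:
        findings.append("trailing-data")  # bytes a player ignores but a loader could read
    for cid, payload in chunks:
        # Assumed threshold: encrypted or encoded content looks near-random,
        # while this check expects ordinary PCM audio to score lower.
        if cid == b"data" and len(payload) >= min_len and entropy(payload) > threshold:
            findings.append("high-entropy-data")
    return findings

def make_wav(pcm, rate=8000):
    """Build a minimal 16-bit mono PCM WAV around `pcm` (constructed sample helper)."""
    fmt = struct.pack("<HHIIHH", 1, 1, rate, rate * 2, 2, 16)
    body = (b"WAVEfmt " + struct.pack("<I", len(fmt)) + fmt
            + b"data" + struct.pack("<I", len(pcm)) + pcm)
    return b"RIFF" + struct.pack("<I", len(body)) + body

# Constructed inputs: one second of a 400 Hz tone, and 16 KiB of hash output
# standing in for an encoded payload stored in place of audio samples.
TONE = struct.pack("<8000h", *(round(12000 * math.sin(2 * math.pi * 400 * i / 8000))
                               for i in range(8000)))
NOISE = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(512))

if __name__ == "__main__":
    for name, blob in (("tone", make_wav(TONE)), ("noise", make_wav(NOISE))):
        print(name, triage_wav(blob))
```

Treat a hit as a reason to inspect the file further, not as a verdict, since the entropy cut-off is a heuristic.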
For those not aware of it, Cylance is a cybersecurity company founded in 2012 and acquired in 2017 by BlackBerry. Today it is a subsidiary of the Canadian group.