WAV files spotted delivering malicious code - Help Net Security

Attackers have embedded crypto-mining and Metasploit code into WAV audio files to stymie threat detection solutions.



“All WAV files discovered adhere to the format of a legitimate WAV file (i.e., they are all playable by a standard audio player),” Josh Lemos, VP of Research and Intelligence at BlackBerry Cylance, told Help Net Security.


“One WAV file contained music with no indication of distortion or corruption and the others contained white noise. One of the WAV files contained Meterpreter to establish a reverse-shell to have remote access into the infected machine. The other WAV files contain the XMRig Monero crypto-miner.”


A clever tactic to avoid detection


The WAV files came coupled with a loader component, which employs either steganography or an algorithm to decode and execute the malicious code woven throughout the file’s audio data.


While steganogra ..
