2019/10/18 15:43:05

WAV (audio format)

2019: Hackers embed code for hidden cryptocurrency mining in WAV files

In October 2019, information security specialists announced that hackers had learned to place malicious code in WAV files in order to mine cryptocurrency.

According to BlackBerry Cylance, cybercriminals embedded a hidden miner in WAV audio files. The files carrying the miner played back without quality problems; some of them contained white noise.

You turn on music on the computer and bitcoin mining begins: how attackers mine cryptocurrency in a new way

"This strategy has an additional level of protection because the main code is revealed only in the device's memory, which makes detecting the virus more difficult," the experts explain.

Embedding malicious code in an audio file became possible thanks to steganography. This method has been in use for more than 10 years, but it was previously believed that it could be used only for images in the PNG and JPEG formats.

BlackBerry Cylance says that executable content can be hidden in any type of file, provided that the file's structure is not damaged.[1]

Symantec researchers found that hackers of the Turla group use WAV files to covertly transfer malicious code to victims' systems that they have already compromised.

Symantec says that the attackers use this type of attack in a cyber-espionage campaign for the benefit of a certain state. BlackBerry Cylance pointed to the use of steganography for cryptocurrency mining: attackers use WAV files to deliver a cryptocurrency miner to infected devices and then install it.

As Josh Lemos, vice president for research and cyberthreat investigation at BlackBerry Cylance, explained to ZDNet, the use of steganography demands a deep understanding of the file format at which the attack is aimed. Such a mechanism is normally used by advanced cyber groups that aim to remain undetected for as long as possible.

Notes