Despite the widespread deployment of robust security controls, persistent and ever-evolving hacking techniques continue to surface, which shows how inventive criminal hackers are in carrying out their malicious activities. Once again, researchers have spotted a pair of malware campaigns that illustrate this inventiveness. This time, the attackers employed steganography to hide malware inside WAV audio files.
WAV Audio File Steganography Campaigns Spotted Twice This Year
This year, researchers have twice spotted malware campaigns in the wild that abuse WAV audio files as steganographic carriers.
In the first instance, researchers from Symantec reported such a campaign in June. As elaborated in their report, they observed the Russian cyberespionage group Waterbug (aka Turla) actively abusing audio files in one of the three campaigns they tracked. The group used WAV files to deliver a publicly available backdoor, Meterpreter, to the targeted devices.
The second report of WAV file abuse came from researchers at Cylance. The campaign they observed differed from the one Symantec reported: as elaborated in their blog post, the Cylance team found WAV files being used to deliver cryptominers. Specifically, the WAV files carried XMRig Monero CPU miners.
The shared attack technique, steganography in audio files, may hint at a link between the two campaigns. According to the researchers, however, establishing a definitive relationship is difficult, because different threat actors may use similar tools.
Steganography – An Old Yet Powerful Technique
Steganography is a long-established technique that attackers may employ to carry out malicious activity. In this context it refers to embedding a malicious payload, such as an executable, inside an otherwise benign file without visibly distorting the carrier's structure, so the file still opens and plays normally. Done well, the technique is robust enough to evade security checks and detection.
While steganography is in principle possible with any file type, attackers have usually applied it to image files such as .jpg or .png. The recent reports of active malware campaigns abusing WAV audio files show that the technique is by no means limited to images.
Since steganography piggybacks on commonly used file formats, such as .jpg, .png, and now .wav, simply blocking the carrier formats is rarely a practical defence.
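Because the carrier formats cannot simply be blocked, defenders fall back on inspecting suspicious files. The following is an added example, not from the original article or the reports it cites: a small Python triage script that parses a WAV file's RIFF chunks and reports two heuristic indicators, bytes appended beyond the declared RIFF size and a least-significant-bit plane in silent regions that is not all zero. The LSB method and the silence heuristic are assumptions for illustration (the article does not say how the payload was embedded), and all inputs are constructed inside the script.

```python
import struct

# Chunk ids commonly present in benign WAV files; anything else is worth a look.
STANDARD_CHUNKS = (b"fmt ", b"data", b"LIST", b"fact")

def build_wav(samples, rate=8000, extra=b""):
    """Constructed test carrier: 16-bit mono PCM WAV; 'extra' is appended after the RIFF body."""
    pcm = struct.pack("<%dh" % len(samples), *samples)
    fmt = struct.pack("<HHIIHH", 1, 1, rate, rate * 2, 2, 16)  # PCM, 1 channel, 16-bit
    body = b"WAVEfmt " + struct.pack("<I", len(fmt)) + fmt
    body += b"data" + struct.pack("<I", len(pcm)) + pcm
    return b"RIFF" + struct.pack("<I", len(body)) + body + extra

def walk_chunks(data):
    """Walk RIFF chunks; return [(id, payload)] and any bytes beyond the declared RIFF size."""
    if data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    end = min(8 + struct.unpack_from("<I", data, 4)[0], len(data))
    chunks, pos = [], 12
    while pos + 8 <= end:
        cid, size = struct.unpack_from("<4sI", data, pos)
        chunks.append((cid, data[pos + 8:pos + 8 + size]))
        pos += 8 + size + (size & 1)  # chunk bodies are padded to even length
    return chunks, data[end:]

def triage_wav(data):
    """Heuristic indicators that a WAV may carry hidden data (for analyst review, not proof)."""
    chunks, trailing = walk_chunks(data)
    pcm = b"".join(p for c, p in chunks if c == b"data")
    samples = struct.unpack("<%dh" % (len(pcm) // 2), pcm[:len(pcm) // 2 * 2])
    # Genuine digital silence is exactly 0; if the LSB plane was overwritten with
    # payload bits, about half of the formerly silent samples become +-1.
    quiet = [s for s in samples if abs(s) <= 1]
    ratio = sum(s & 1 for s in quiet) / len(quiet) if quiet else 0.0
    return {
        "unknown_chunks": [c for c, _ in chunks if c not in STANDARD_CHUNKS],
        "trailing_bytes": len(trailing),
        "quiet_lsb_ratio": round(ratio, 3),
        "suspicious": bool(trailing) or ratio > 0.25,
    }

if __name__ == "__main__":
    import math
    tone = [int(8000 * math.sin(2 * math.pi * 440 * i / 8000)) for i in range(800)]
    clean = build_wav(tone + [0] * 800)  # tone followed by true digital silence
    # Constructed suspect: the silent tail's LSB plane alternates 0/1 and 64 bytes trail the RIFF body.
    suspect = build_wav(tone + [i & 1 for i in range(800)], extra=b"\x00" * 64)
    print("clean:  ", triage_wav(clean))
    print("suspect:", triage_wav(suspect))
```

Real audio with dither or a noise floor also shows non-zero LSBs in quiet passages, so the ratio is a prompt for closer inspection rather than a verdict.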
Let us know your thoughts in the comments.