How Cyber Criminals Hide Malware in .WAV Files

Wav Malware Featured

Hackers have developed many tricks to get their malware payload onto people’s systems. The very idea of a Trojan is a program that appears to do something beneficial but harbors something darker.

These days, hackers have to be a lot sneakier with their attacks. They sometimes hide malware within another innocent file. This is called “steganography,” and we saw the first case of WAV files carrying malware recently.

What Is Steganography?

Steganography is a broad term that covers any time someone hides data within more data. It’s not just a malware term; it’s been around since 440BC!

Wav Malware Message

Steganography is a little different from encryption. With encryption, there’s obfuscation that the recipient must unravel before they can read the message. Steganography isn’t necessarily encoded, just hidden within another piece of data.

Malware developers have used this ancient technique to sneak files past a computer’s security. Antivirus software tends to be lax with files that aren’t associated with viruses, so malware developers sneak in malicious code within these files.

Typically, the file isn’t used to infect the system, as it’s hard to run a program hidden within a file without assistance. Instead, it’s typically used by viruses that have infected a computer already. It can download these innocent-looking files for instructions or files to execute without alerting the antivirus.

In the past, we saw viruses hidden away in images, but we’ve recently seen the first case of a widespread WAV file distribution method.

How WAV Steganography Works

This new method of attack was reported twice this year. In June we saw a report on how a Russian gang called Waterbug was using WAV-based Steganography to attack government positions. Then, another report came in earlier this month saying that this strategy was on the loose again. This time it wasn’t after officials the files were being used by a Monero cryptominer.

Wav Malware Code

In these attacks, the malware would download executables, DDL files, and backdoors in a WAV file. Once the file was downloaded, the malware would dig through its data to find the file. Once it was found, the malware would execute the code, thus adding to its arsenal while keeping its fingerprint small.

How Do You Avoid WAV Steganography Attacks?

Before you start casting a suspicious eye on your album collection, it’s worth remembering that WAV steganography is used by an already-present malware. It’s not used as an initial infection method but as a way for a current infection to further establish itself on a system. As such, the best way to avoid these sneaky attacks is to prevent the initial attack from occurring,

This means following the golden rules of cybersecurity: have a good antivirus installed, don’t download suspicious files, and keep everything updated. This should be enough to keep cryptomining malware at bay and prevent any suspicious audio files from being downloaded onto your computer!

Defending Against the Wave of WAVs

Steganography is nothing new, even in the cybersecurity world. What is newsworthy, however, is the use of WAV files to smuggle in DDLs and backdoors to malware. Now you know what steganography is and how viruses use it to sneak files past an antivirus.

Does this new method of sneaking in malware worry you? Let us know below.

Simon Batt
Simon Batt

Simon Batt is a Computer Science graduate with a passion for cybersecurity.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox