WAV 오디오 파일은 이제 악성 코드를 숨기는 데 사용

ment 10/20 '19 posted (10/20 '19 edited) 뉴스 IT

• WAV 파일을 남용하는 새로운 두 가지 악성 코드 캠페인 중 첫 번째 보고서는 6 월에 보고되었습니다.

• 이 새로운 캠페인에서 범죄자들은 파일의 오디오 데이터 전체에서 악성 컨텐트를 해독하고 실행하기 위해 로더 구성 요소를 짜는 것으로 보고되었습니다.

• 블로그 게시물에서 연구원들은 일부 WAV 파일에 XMRig Monero CPU 광부와 관련된 코드가 포함되어 있다고 밝혔습니다.

• 연구원들은“동일한 환경에서 페이로드가 모두 발견되었으며, 재정적 이익을 위해 악성 코드를 배포하고 피해자 네트워크 내에서 원격 액세스를 설정하는 양면 캠페인이라 제안했습니다.

• 이 새로운 캠페인은 안티 바이러스 프로그램을 개발하는 캘리포니아의 블랙베리 자회사인 Cylance에 의해 발견되었습니다.

• 단순히 정적 (백색 잡음)을 생성했습니다.

• 더 중요한 것은 이러한 유형의 공격은 사이버 범죄자가 악성 코드를 모든 유형의 파일에 숨길 수 있다는 것을 증명합니다.

• 이 보고서는“분석 결과 악성 코드 작성자가 스테가노그래피와 다른 인코딩 기술을 조합하여 코드를 해독하고 실행하는 것으로 나타났습니다.

• “재생 될 때 일부 WAV 파일은 눈에 띄는 품질 문제 나 결함이없는 음악을 제작했습니다.

WAV audio files are now being used to hide malicious code [www.zdnet.com]

Malicious code hiding in WAV audio can mine crypto [coingeek.com]

Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments [www.symantec.com]

Malware hackers using steganography in WAV audio files to hide malicious code [boingboing.net]

Malicious Payloads - Hiding Beneath the WAV [threatvector.cylance.com]

New cryptomining malware uses WAV audio files to conceal its tracks [thenextweb.com]

Attackers Hide Backdoors and Cryptominers in WAV Audio Files [www.bleepingcomputer.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

10/20 '19 answered

Oh come on this is a pretty basic method and someone now discovered that it can be used... BY NATION STATE HACKERS.

Here’s a newsflash!!!

Every file format can be used like this. EVERY.

It’s only a matter of doing that and not telling anyone.https://t.co/p6cKFH0Jw6
— ? ?????? 0x1338 ????? ? (@notameadow) October 17, 2019

Cylance reports that run-of-the-mill cryptominer uses .wav steganography previously used by Turla APT group https://t.co/CJO42ZTMTC pic.twitter.com/VHfDo6SEIe
— Virus Bulletin (@virusbtn) October 17, 2019

Malicious Payloads - Hiding Beneath the WAV: Cylance recently discovered obfuscated malicious code embedded within WAV audio files. Each file was coupled with a loader component for decoding & executing malicious content secretly woven in the audio data.? https://t.co/xkGIdVhNzq
— Russ McRee (@holisticinfosec) October 17, 2019

When played, some of the WAV files produced music that had no discernible quality issues or glitches. Others simply generated static (white noise). https://t.co/u1uqBClzLH
— UsHadrons (@ushadrons) October 18, 2019

Malicious Payloads - Hiding beneath the WAV : https://t.co/kzW0SFIKqT cc @asoni

How the OceanLotus Threat Group leveraged steganography to conceal malicious backdoor payloads within image files : https://t.co/Q6BS0Sx0uf (pdf) pic.twitter.com/rtNGwktqPH
— Binni Shah (@binitamshah) October 18, 2019

WAV audio files are now being used to hide malicious code...https://t.co/LB6pusysjj #cybersecurity #cyberawareness #infosec #gdpr #dataprivacy #pentest #NCSAM #CyberSecurityMonth
— Mats Nygren, CISSP, CRISC, CCNA Security, PMP (@IT_SPoKE) October 18, 2019

WAV audio files are now being used to hide malicious code | ZDNet https://t.co/beHysHjJ2r
— Jim Nitterauer (@JNitterauer) October 17, 2019

WAV audio files are now being used to hide malicious code

-malware ops are now using WAV-based steganography
-first group using it was Turla (because of course it was Turla)
-second is a crypto-mining operation this monthhttps://t.co/JDwYRhsvsN pic.twitter.com/wwXbYiX3FE
— Catalin Cimpanu (@campuscodi) October 16, 2019

Had a great time collaborating with the Cylance guys on this. And very cool finding some clever steg in the wild. https://t.co/21dFRWt7pc
— Jordan Barth ?️‍? (@jordanbarth) October 18, 2019

RT @shieldly: WAV audio files are now being used to hide malicious code. https://t.co/ABAlgcmIzH #Steganography #malware #PNG #JPG #WAV #CyberSecurity
— SpamTitan (@spamtitan) October 18, 2019

The technique is known as steganography -- the art of hiding information in plain sight, in another data medium. Read on to find out more via @ZDNet https://t.co/bCUnJzoUSe #malware
— Uppsala Security (@UPPSentinel) October 18, 2019

#APTGroup #Metasploit #Malware #CyberAttack #CyberSecurity
Hackers Embedded the Malicious Code Within WAV Audio Files to Gain Reverse Shell Access.https://t.co/9LTxaDGTUi pic.twitter.com/p0HXPlAOrh
— Cyber6X (@Franckyki) October 17, 2019

BlackBerry Cylance Threat Researchers recently discovered obfuscated malicious code embedded within WAV audio files.https://t.co/Vfw8YHX6HQ
— Lenny Mauricio (@LennyHydro) October 18, 2019

BlackBerry Cylance Threat researchers discovered #malware which hides malicious payloads in audio (.wav) files using Least Significant Bit (LSB) #steganography. Quite uncommon carrier as typically digital media files are utilized for this purpose. See:https://t.co/LRHgOkX6ID
— Wojciech Mazurczyk (@wmazurczyk) October 18, 2019

New cryptomining malware uses WAV audio files to conceal its tracks #cybersecurity #infosec #malware https://t.co/aO8jsD5epb
— Kenneth Holley (@kennethholley) October 17, 2019

New cryptomining malware uses WAV audio files to conceal its tracks https://t.co/PdwkL5F3iH
— TNW (@thenextweb) October 18, 2019

New #cryptomining #malware uses WAV audio files to conceal its tracks https://t.co/DwNAVyMdTw #cybersecurity #cybercrime via @thenextweb
— Video Forensics (@Video_Forensics) October 17, 2019

New cryptomining malware uses WAV audio files to conceal its tracks https://t.co/Uy8BK3oZH3
— TNW (@thenextweb) October 18, 2019

New cryptomining malware uses WAV audio files to conceal its tracks https://t.co/bWHEqSyrcE
— TNW (@thenextweb) October 17, 2019

New cryptomining malware uses WAV audio files to conceal its tracks https://t.co/5RaIv2Xay1
— TNW (@thenextweb) October 17, 2019

New cryptomining malware uses WAV audio files to conceal its tracks https://t.co/iHw7IprHe6
— TNW (@thenextweb) October 17, 2019

Attackers Hide Backdoors and Cryptominers in WAV Audio Fileshttps://t.co/6Msnn7EV2z
— Chris Parker (@chrispcritters) October 19, 2019

Attackers Hide Backdoors and Cryptominers in WAV Audio Files https://t.co/qAXSGLYDdp #cybersecurity
— Confist le Spider ?️ (@Confist1) October 18, 2019

Steganography is being weaponised in new ways ??‍♂️#CyberAware

Read more below!https://t.co/MN1NWN9zWa
— CySec Experts NG (@cyberexpertsng) October 17, 2019

Attackers Hide Backdoors and Cryptominers in WAV Audio Files https://t.co/N4jZ6DYT06
— Nicolas Krassas (@Dinosn) October 16, 2019

Attackers Hide Backdoors and Cryptominers in WAV Audio Fileshttps://t.co/Gse4ubDHWh

cc @z3roTrust
— Going to @GrrCON (@HackDefendr) October 17, 2019

Attackers Hide Backdoors and Cryptominers in WAV Audio Files https://t.co/KwpqqXS6sv pic.twitter.com/IguP70kROV
— Colombia Solutions Dmc (@Colombia_Soluti) October 16, 2019

Bad actors are so clever: "Attackers Hide Backdoors and Cryptominers in WAV Audio Files" https://t.co/FkhFngfPlj
— Rey Bango (@reybango) October 17, 2019

"Attackers behind a new malicious campaign are using WAV audio files to hide and drop backdoors and #Monero #cryptominers on their targets' systems as BlackBerry Cylance threat researchers discovered." https://t.co/fps08Co3iW
— Tech Help KB ? (@techhelpkb) October 17, 2019

Attackers behind a new malicious campaign are using WAV audio files to hide and drop backdoors and Monero cryptominers on their targets' systems: https://t.co/OpN8zqVwE0
— Adam Levin (@Adam_K_Levin) October 16, 2019

WAV파일에 백도어와 암호화폐 채굴기를 위장시킨 케이스가 발견. https://t.co/jDIv5sGr4D
— 푸른곰 (@purengom) October 16, 2019

bleeping computer: attackers hide backdoors and cryptominers in wav audio files https://t.co/y8NtDo4mUT
— the crypto feed (@the_crypto_feed) October 16, 2019

permanent link

Open Wiki - Feel free to edit it. -

10/20 '19 answered

JPG, PNG 등 그림 파일에 악성 코드나 명령어를 숨기는 스테가노그래피 사례는 많으나, 올해 들어서 WAV 오디오 파일에 악성 코드를 숨겨 전송하는 사례들이 발견되기 시작했다고... https://t.co/g0WG2e9AI1
— H. Kim (@metavital) October 20, 2019

Malware hackers using steganography in WAV audio files to hide malicious code / Boing Boing https://t.co/ovbAnvEZQ9
— Philippe Vynckier - CISSP (@PVynckier) October 20, 2019

permanent link

Reply with curations

Related

Featured