WAV 오디오 파일은 이제 악성 코드를 숨기는 데 사용

ment 10/20 '19 posted (10/20 '19 edited) 뉴스 IT

• WAV 파일을 남용하는 새로운 두 가지 악성 코드 캠페인 중 첫 번째 보고서는 6 월에 보고되었습니다.

• 이 새로운 캠페인에서 범죄자들은 파일의 오디오 데이터 전체에서 악성 컨텐트를 해독하고 실행하기 위해 로더 구성 요소를 짜는 것으로 보고되었습니다.

• 블로그 게시물에서 연구원들은 일부 WAV 파일에 XMRig Monero CPU 광부와 관련된 코드가 포함되어 있다고 밝혔습니다.

• 연구원들은“동일한 환경에서 페이로드가 모두 발견되었으며, 재정적 이익을 위해 악성 코드를 배포하고 피해자 네트워크 내에서 원격 액세스를 설정하는 양면 캠페인이라 제안했습니다.

• 이 새로운 캠페인은 안티 바이러스 프로그램을 개발하는 캘리포니아의 블랙베리 자회사인 Cylance에 의해 발견되었습니다.

• 단순히 정적 (백색 잡음)을 생성했습니다.

• 더 중요한 것은 이러한 유형의 공격은 사이버 범죄자가 악성 코드를 모든 유형의 파일에 숨길 수 있다는 것을 증명합니다.

• 이 보고서는“분석 결과 악성 코드 작성자가 스테가노그래피와 다른 인코딩 기술을 조합하여 코드를 해독하고 실행하는 것으로 나타났습니다.

• “재생 될 때 일부 WAV 파일은 눈에 띄는 품질 문제 나 결함이없는 음악을 제작했습니다.

WAV audio files are now being used to hide malicious code [www.zdnet.com]

Malicious code hiding in WAV audio can mine crypto [coingeek.com]

Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments [www.symantec.com]

Malware hackers using steganography in WAV audio files to hide malicious code [boingboing.net]

Malicious Payloads - Hiding Beneath the WAV [threatvector.cylance.com]

New cryptomining malware uses WAV audio files to conceal its tracks [thenextweb.com]

Attackers Hide Backdoors and Cryptominers in WAV Audio Files [www.bleepingcomputer.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

10/20 '19 answered

Oh come on this is a pretty basic method and someone now discovered that it can be used... BY NATION STATE HACKERS.

Here’s a newsflash!!!

Every file format can be used like this. EVERY.

It’s only a matter of doing that and not telling anyone.https://t.co/p6cKFH0Jw6
— ? ?????? 0x1338 ????? ? (@notameadow) October 17, 2019

Cylance reports that run-of-the-mill cryptominer uses .wav steganography previously used by Turla APT group https://t.co/CJO42ZTMTC pic.twitter.com/VHfDo6SEIe
— Virus Bulletin (@virusbtn) October 17, 2019

Malicious Payloads - Hiding Beneath the WAV: Cylance recently discovered obfuscated malicious code embedded within WAV audio files. Each file was coupled with a loader component for decoding & executing malicious content secretly woven in the audio data.? https://t.co/xkGIdVhNzq
— Russ McRee (@holisticinfosec) October 17, 2019

When played, some of the WAV files produced music that had no discernible quality issues or glitches. Others simply generated static (white noise). https://t.co/u1uqBClzLH
— UsHadrons (@ushadrons) October 18, 2019

Malicious Payloads - Hiding beneath the WAV : https://t.co/kzW0SFIKqT cc @asoni

How the OceanLotus Threat Group leveraged steganography to conceal malicious backdoor payloads within image files : https://t.co/Q6BS0Sx0uf (pdf) pic.twitter.com/rtNGwktqPH
— Binni Shah (@binitamshah) October 18, 2019

WAV audio files are now being used to hide malicious code...https://t.co/LB6pusysjj #cybersecurity #cyberawareness #infosec #gdpr #dataprivacy #pentest #NCSAM #CyberSecurityMonth
— Mats Nygren, CISSP, CRISC, CCNA Security, PMP (@IT_SPoKE) October 18, 2019

WAV audio files are now being used to hide malicious code | ZDNet https://t.co/beHysHjJ2r
— Jim Nitterauer (@JNitterauer) October 17, 2019

WAV audio files are now being used to hide malicious code

-malware ops are now using WAV-based steganography
-first group using it was Turla (because of course it was Turla)
-second is a crypto-mining operation this monthhttps://t.co/JDwYRhsvsN pic.twitter.com/wwXbYiX3FE
— Catalin Cimpanu (@campuscodi) October 16, 2019

Had a great time collaborating with the Cylance guys on this. And very cool finding some clever steg in the wild. https://t.co/21dFRWt7pc
— Jordan Barth ?️‍? (@jordanbarth) October 18, 2019

RT @shieldly: WAV audio files are now being used to hide malicious code. https://t.co/ABAlgcmIzH #Steganography #malware #PNG #JPG #WAV #CyberSecurity
— SpamTitan (@spamtitan) October 18, 2019

The technique is known as steganography -- the art of hiding information in plain sight, in another data medium. Read on to find out more via @ZDNet https://t.co/bCUnJzoUSe #malware
— Uppsala Security (@UPPSentinel) October 18, 2019

#APTGroup #Metasploit #Malware #CyberAttack #CyberSecurity
Hackers Embedded the Malicious Code Within WAV Audio Files to Gain Reverse Shell Access.https://t.co/9LTxaDGTUi pic.twitter.com/p0HXPlAOrh
— Cyber6X (@Franckyki) October 17, 2019

BlackBerry Cylance Threat Researchers recently discovered obfuscated malicious code embedded within WAV audio files.https://t.co/Vfw8YHX6HQ
— Lenny Mauricio (@LennyHydro) October 18, 2019

BlackBerry Cylance Threat researchers discovered #malware which hides malicious payloads in audio (.wav) files using Least Significant Bit (LSB) #steganography. Quite uncommon carrier as typically digital media files are utilized for this purpose. See:https://t.co/LRHgOkX6ID
— Wojciech Mazurczyk (@wmazurczyk) October 18, 2019

New cryptomining malware uses WAV audio files to conceal its tracks #cybersecurity #infosec #malware https://t.co/aO8jsD5epb
— Kenneth Holley (@kennethholley) October 17, 2019

New cryptomining malware uses WAV audio files to conceal its tracks https://t.co/PdwkL5F3iH
— TNW (@thenextweb) October 18, 2019

New #cryptomining #malware uses WAV audio files to conceal its tracks https://t.co/DwNAVyMdTw #cybersecurity #cybercrime via @thenextweb
— Video Forensics (@Video_Forensics) October 17, 2019

New cryptomining malware uses WAV audio files to conceal its tracks https://t.co/Uy8BK3oZH3
— TNW (@thenextweb) October 18, 2019

New cryptomining malware uses WAV audio files to conceal its tracks https://t.co/bWHEqSyrcE
— TNW (@thenextweb) October 17, 2019

New cryptomining malware uses WAV audio files to conceal its tracks https://t.co/5RaIv2Xay1
— TNW (@thenextweb) October 17, 2019

New cryptomining malware uses WAV audio files to conceal its tracks https://t.co/iHw7IprHe6
— TNW (@thenextweb) October 17, 2019

Attackers Hide Backdoors and Cryptominers in WAV Audio Fileshttps://t.co/6Msnn7EV2z
— Chris Parker (@chrispcritters) October 19, 2019

Attackers Hide Backdoors and Cryptominers in WAV Audio Files https://t.co/qAXSGLYDdp #cybersecurity
— Confist le Spider ?️ (@Confist1) October 18, 2019

Steganography is being weaponised in new ways ??‍♂️#CyberAware

Read more below!https://t.co/MN1NWN9zWa
— CySec Experts NG (@cyberexpertsng) October 17, 2019

Attackers Hide Backdoors and Cryptominers in WAV Audio Files https://t.co/N4jZ6DYT06
— Nicolas Krassas (@Dinosn) October 16, 2019

Attackers Hide Backdoors and Cryptominers in WAV Audio Fileshttps://t.co/Gse4ubDHWh

cc @z3roTrust
— Going to @GrrCON (@HackDefendr) October 17, 2019

Attackers Hide Backdoors and Cryptominers in WAV Audio Files https://t.co/KwpqqXS6sv pic.twitter.com/IguP70kROV
— Colombia Solutions Dmc (@Colombia_Soluti) October 16, 2019

Bad actors are so clever: "Attackers Hide Backdoors and Cryptominers in WAV Audio Files" https://t.co/FkhFngfPlj
— Rey Bango (@reybango) October 17, 2019

"Attackers behind a new malicious campaign are using WAV audio files to hide and drop backdoors and #Monero #cryptominers on their targets' systems as BlackBerry Cylance threat researchers discovered." https://t.co/fps08Co3iW
— Tech Help KB ? (@techhelpkb) October 17, 2019

Attackers behind a new malicious campaign are using WAV audio files to hide and drop backdoors and Monero cryptominers on their targets' systems: https://t.co/OpN8zqVwE0
— Adam Levin (@Adam_K_Levin) October 16, 2019

WAV파일에 백도어와 암호화폐 채굴기를 위장시킨 케이스가 발견. https://t.co/jDIv5sGr4D
— 푸른곰 (@purengom) October 16, 2019

bleeping computer: attackers hide backdoors and cryptominers in wav audio files https://t.co/y8NtDo4mUT
— the crypto feed (@the_crypto_feed) October 16, 2019

permanent link

Open Wiki - Feel free to edit it. -

10/20 '19 answered

JPG, PNG 등 그림 파일에 악성 코드나 명령어를 숨기는 스테가노그래피 사례는 많으나, 올해 들어서 WAV 오디오 파일에 악성 코드를 숨겨 전송하는 사례들이 발견되기 시작했다고... https://t.co/g0WG2e9AI1
— H. Kim (@metavital) October 20, 2019

Malware hackers using steganography in WAV audio files to hide malicious code / Boing Boing https://t.co/ovbAnvEZQ9
— Philippe Vynckier - CISSP (@PVynckier) October 20, 2019

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured