Hackers have come up with a new method to hide viruses: inserting them inside voice messages. Here's how to defend yourself
The techniques used by cybercriminals to spread malware and viruses in the files we use every day are increasingly refined. The latest and particularly dangerous trick is to hide them inside normal audio files with WAV extension.
This has been discovered by Cylance, a company of the BlackBerry group that deals with artificial intelligence applied also to cybersecurity. The company has discovered some audio files that hid, inside them, a virus to undermine cryptocurrency without the user's knowledge. The peculiarity of this episode is not so much the virus (there are several cryptominer nowadays) as the technique used to hide it: steganography. Steganography is a set of methods used to hide data by hiding them inside other data. Exactly what Cylance has discovered: the code of a virus incorporated and hidden between the data of a file of common use.
Virus in the white noise
The hackers' stunt, this time, has been to insert inside the WAV file some additional data (those of the virus) that didn't modify enough the file to make the listener hear audio defects. Basically, "white noise" was added to the file, which the human ear discards altogether. But when the audio file is executed, then the virus is also activated and the infection starts with all its consequences.
Virus in audio files: how it spreads
This method allows viruses to pass unscathed by most antivirus scans, because the malware is not immediately found inside the file, but it is only "revealed" once the audio file is loaded into memory and executed. That's why the hackers behind this virus opted for a classic e-mail dissemination campaign, which was the most convenient for them (knowing that e-mail box antivirus would not detect the virus). Once the audio file is started, the malware immediately launches the XMRig utility that exploits the power of the infected computer to generate Monero cryptocurrencies.
Virus in audio files: what you risk
This type of virus is not very dangerous: the only real damage is the loss of performance due to the fact that there is code that exploits our CPU in the background. The spreading method, on the other hand, is alarming because it can also be used to hide far more dangerous viruses. But that's not all: this method allows viruses to be spread very easily: an infected smartphone, for example, could insert the virus code inside every voice note we send on any instant messaging service.