Cybercrime is getting more profitable and, with this increased profitability, the need has arisen for hackers to become more innovative in their operations. As it is with the legitimate business scene, criminals are now thinking out of the box to stay ahead of the curve.
Cybersecurity firm BlackBerry Cylance released a research report which suggests that hackers have employed steganography, the practice of concealing one item inside another, as part of their operations. Specifically, this method involves concealing malware inside a WAV audio file to hide its malicious code and slip past conventional detection methods.
The cybersecurity company revealed that each of these WAV files contains a loader component, which goes on to decode and execute the malicious content in the audio files. Several threat actors were reportedly examined, with some even embedding their malware in JPEG and PNG files and sending them out.
The malicious audio files were found to be embedded with XMRig, a mining malware used to mine the privacy-focused crypto-asset Monero (XMR). The WAV files discovered by the firm also employed the same infrastructure, which points to a campaign meant to gain remote access to the victims’ networks.
Hackers Love Monero
Hackers love stealing cryptocurrencies, but they like Monero (XMR) more than others. While malware attackers have been known to target Bitcoin (BTC) in the past, the progress made in tracking them through that asset has forced them to move to another one: the privacy-focused XMR.
In June, researchers from cybersecurity firm Trend Micro were able to track Black Squid, a cryptojacking malware which they claimed was affecting computers across Thailand and the United States.
While measures have been taken to reduce the efficacy of cryptojacking and keep its effects to a minimum, the Black Squid malware definitely breathed new life into the criminal activity. After receiving a lot of activity reports, authorities in the two target countries put Black Squid into the limelight, and the reason for its popularity was soon recognized.
As BeInCrypto reported, the malware was able to employ several means to hack into computer systems. Thanks to its use of anti-virtualization, anti-sandboxing, and anti-debugging, the malware could avoid anything that might alert victims to its presence.
In addition, the cybersecurity firm noted that the malware has worm-like propagation abilities, making it easy for it to infect other systems discovered on the same server as well. With such potential to harvest processing power, its popularity amongst hackers was quite obvious.