
Specialists at BlackBerry Cylance, an antivirus software developer, discovered a hidden Monero (XMR) miner in WAV audio files.
When played, some of the files produced music with no noticeable quality problems, while others produced only white noise.
Analysis showed that the audio files contain code associated with the XMRig miner, which mines XMR on the central processing unit (CPU). Other malicious content includes Metasploit code that creates a reverse shell, giving the attacker remote access within the victim's network.
Experts noted that the steganography-based method used by the attacker allows code to be executed from a harmless file format. Theoretically, executable content can be hidden inside any type of file, provided that the structure and processing of the container format are not damaged.
Such a strategy significantly complicates the detection of malicious content, BlackBerry Cylance experts emphasized.
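A defender can still check the two properties the report mentions: whether the container structure is intact and whether the audio payload is only white noise. The following is an added example, not code from BlackBerry Cylance or from the original article; the function names, the 7.9 bits-per-byte threshold and the sample inputs are assumptions made for illustration.

```python
import hashlib, math, struct
from collections import Counter

def riff_chunks(blob):
    """Walk a RIFF/WAVE file; return ([(chunk_id, data_offset, size)], trailing_byte_count)."""
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    riff_end = min(8 + struct.unpack_from("<I", blob, 4)[0], len(blob))
    chunks, pos = [], 12
    while pos + 8 <= riff_end:
        cid, size = struct.unpack_from("<4sI", blob, pos)
        chunks.append((cid, pos + 8, size))
        pos += 8 + size + (size & 1)  # chunks are padded to an even length
    return chunks, len(blob) - riff_end

def byte_entropy(data):
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def inspect_wav(blob, noise_threshold=7.9):  # threshold is an assumed heuristic
    chunks, trailing = riff_chunks(blob)
    findings = []
    if trailing:
        findings.append(f"{trailing} bytes appended after the RIFF container")
    for cid, off, size in chunks:
        if cid == b"data" and byte_entropy(blob[off:off + size]) >= noise_threshold:
            findings.append("data chunk entropy is noise-like, not typical PCM audio")
    return findings

def make_wav(pcm, trailing=b""):
    """Constructed sample: 16-bit mono 8 kHz PCM WAV, optional bytes after the container."""
    fmt = struct.pack("<4sIHHIIHH", b"fmt ", 16, 1, 1, 8000, 16000, 2, 16)
    body = b"WAVE" + fmt + struct.pack("<4sI", b"data", len(pcm)) + pcm
    return b"RIFF" + struct.pack("<I", len(body)) + body + trailing

# Constructed inputs: a 160 Hz tone, and hash output standing in for encoded content.
TONE = b"".join(struct.pack("<h", int(12000 * math.sin(2 * math.pi * i / 50)))
                for i in range(4000))
NOISE = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(2048))

if __name__ == "__main__":
    for name, wav in [("tone", make_wav(TONE)), ("noise", make_wav(NOISE)),
                      ("tone+tail", make_wav(TONE, b"\x00" * 64))]:
        print(name, inspect_wav(wav) or "clean")
```

This heuristic only flags the white-noise case and data placed outside the container. Files that still play as normal music will pass it, which is why such content is hard to detect from the file alone.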
Experts at Palo Alto Networks previously found hidden Monero-mining code in Docker container images.
BlockchainJournal.news