Search This Blog

Showing posts with label Steganography. Show all posts

Cybersecurity Researchers Discovered Attack Which Uses WAV Audio Files to Hide Malicious Code


We are living in an age where user security being breached is one of the most familiar headlines we come across in the cybersecurity sphere, attackers have continued to discover unprecedented ways to compromise user data and have strengthened the older ones.

A widely used technique which allows hackers to break into computers and extract user data without getting noticed is resurfacing again, this time making the detention even more complex by embedding the malware inside audio files resembling the regular WAV format audio files on the computer, according to the cybersecurity researchers at Cylance, a California based software company that develops antivirus programs and other software to prevent malware.

Hackers employed a method known as ‘Steganography’ to hide and deliver malware, it involves hiding a file, video or message with the help of some other file. Researchers at Cylance discovered the malicious code embedded inside the WAV audio files with each file containing a ‘loader component’ which decodes and executes the malware. The threat actors carry out these malicious activities using a crypto mining application known as XMRig Monero CPU Miner.

Although, hackers have used viruses and spyware to infect files and break into computers previously, this is the first time ever where a file has been explicitly used to deliver a crypto mining software into a system. Cybercriminals are always looking to undo the measures taken by security officials. It is evident from how they are now employing even sophisticated strategies as earlier, the only way to deliver crypto mining malware was through malicious scripts on browsers, websites or software programs that came with malware.

Referencing from the statements given by Josh Lemos, VP of Research and Intelligence at BlackBerry Cylance, to Help Net Security.  “One WAV file contained music with no indication of distortion or corruption and the others contained white noise. One of the WAV files contained Meterpreter to establish a reverse-shell to have remote access into the infected machine. The other WAV files contain the XMRig Monero crypto-miner,”

“Attackers are creative in their approach to executing code, including the use of multiple files of different file formats. We discovered several loaders in the wild that extract and execute malicious code from WAV audio files. Analysis revealed that the malware authors used a combination of steganography and other encoding techniques to deobfuscate and execute code” the researchers at Cylance pointed out.

“The similarities between these methods and known threat actor TTPs may indicate an association or willingness to emulate adversary activity, perhaps to avoid direct attribution,” the researchers further remarked.

In order to stay guarded, users are advised to have proper anti-virus tools installed on their computers and stay alert while downloading any kind of file from the internet.

New Steganography method TranSteg hides Data in VoIP(IP Telephony)

Researchers from Warsaw University of Technology, Institute of Telecommunications find a new Steganography method that helps to hide the Data in VoIP(IP Telephony).  The method is named as "TranSteg((Transcoding Steganography)". 

Voice over IP (VoIP), or IP telephony, is one of the services of the IP world that is changing the entire telecommunication’s landscape. It is a real-time service, which enables users to make phone calls through data networks that use an IP protocol.
Steganography encompasses various information hiding techniques, whose aim is to embed a secret message(steganogram) into a carrier (image,audio,video). Steganographic methods are aimed at hiding of the very existence of the communication, therefore any third-party observers should remain unaware of the presence of the steganographic exchange.


In TranSteg it is the overt data that is compressed to make space for the steganogram. The main innovation of TranSteg is to, for a chosen voice stream, find a codec that will result in a similar voice quality but smaller voice payload size than the originally selected. Then, the voice stream is transcoded. At this step the original voice payload size is intentionally unaltered and the change of the codec is not indicated. Instead, after placing the transcoded voice payload, the remaining free space is filled with hidden data. TranSteg proof of concept implementation was designed and developed.

TranSteg detection is difficult to perform when performing inspection in a single network localisation.