Could Your WAV Audio Files Be Hiding Malicious Code?

Imagine a world where we could no longer trust that WAV files aren't carrying malicious code, hidden from security software and posing a serious risk to our computers.  

Viruses and malicious code are not what you'd normally think about when considering the most popular non-compressed audio file format in history, WAV. Yet, it seems music makers and consumers alike could be at risk of transfering malicious code through wave audio files.

According to ZDNet, there have been two recent instances where malicious code has been found lurking beneath the surface in WAV audio files using a process of 'hiding' the malicious code called steganography. 

"Using steganography has been popular with malware operators for more than a decade. Malware authors don't use steganography to breach or infect systems, but rather as a transfer method. Steganography allows files hiding malicious code to bypass security software that whitelists non-executable file formats (such as multimedia files)."

Graphic files like PNG and Jpeg have more traditionally be utilised by malware authors. However, 2019 has seen WAV files being used. While these file types can't self-execute, there are sophisticated ways that malware authors can trigger the code inside multimedia by using other software already downloaded onto the host's computer. 

The two instances where WAV files have been used for malware are fairly different. Symantec described the first instance as being an espionage attack that targeted a government state.

The second instance saw "each WAV file coupled with a loader component for decoding and executing malicious content secretly woven throughout the file’s audio data. When played, some of the WAV files produced music that had no discernible quality issues or glitches. Others simply generated static (white noise)." It appears this method uses XMRig Monero CPU miner for financial gain by mining cryptocurrencies.  

One of the reasons malware makers use multimedia files to transfer the malware is that security software tends not to be able to block all graphic and audio file types and discriminate which is hiding a DLL file with malware and which isn't.

But what can a conscious musician or producer do to prevent an issue? So, far it appears the executable aspect for this malware is for Windows PC and server platforms, not Mac. However, that can change overnight and it doesn't mean that WAV file you downloaded from that torrent is safe just because you use a Mac.

In fact, good advice would be to only download WAV files from audio production and sample library websites you trust. Obviously whatever files you create in your DAW will be OK as before, so look out for free samples or music being offered which doesn't quite add up. 

As malware authors become more sophisticated, creators and computer users need to keep themselves safer than ever before... so, please be careful and avoid pirating music / sample libraries and keep yourself and your friends OK

Take a break from worrying about malware and viruses and learn more about the audio production process with the popular pro audio video courses in the Ask.Audio Academy.

Rounik is the Executive Editor for Ask.Audio & macProVideo. He's built a crack team of professional musicians and writers to create one of the most visited online resources for news, review, tutorials and interviews for modern musician and producer. As an Apple Certified Trainer for Logic Pro Rounik has taught teachers, professional... Read More


Want to join the discussion?

Create an account or login to get started!