Attackers behind a new malicious campaign are using WAV audio files to hide and drop backdoors on their targets’ systems as BlackBerry Cylance threat researchers discovered. This is only the second time threat actors were seen abusing audio files for their malicious purposes. The same Steganography method was employed to infect targeted devices with XMRig Monero cryptominers or Metasploit code designed to establish a reverse shell shell. The MetasPloit and XMs payloads were discovered on the same machines hinting at a campaign designed to use their victims’ devices for cryptojacking purposes.
Source: https://www.bleepingcomputer.com/news/security/attackers-hide-backdoors-and-cryptominers-in-wav-audio-files/