Security researchers have discovered a new campaign by cybercriminals that’s hiding cryptojacking malware in WAV audio files. This comes just days after the first cryptojacking worm, known as Graboid, was discovered by another group of security experts, indicating just how rapidly the tactics are shifting. In this new campaign, the criminals were reportedly weaving in a loader component for decoding and executing malicious content throughout the file’s audio data.

This new campaign was discovered by Cylance, a California-based subsidiary of BlackBerry that develops antivirus programs. In a blog post, the researchers revealed that some of the WAV files contain code associated with the XMRig Monero CPU miner. Others contained Metasploit code used to establish a reverse shell, effectively giving the attackers unrestricted access to their victim’s machine.

The researchers stated, “Both payloads were discovered in the same environment, suggesting a two-pronged campaign to deploy malware for financial gain and establish remote access within the victim network.”

What makes the attack very difficult to detect is that embedding the malware has no effect on the quality of the files. “When played, some of the WAV files produced music that had no discernible quality issues or glitches. Others simply generated static (white noise),” the report stated.

Even more significantly, this type of attack proves that cybercriminals can hide malware in any type of file, the researchers noted. The report noted, “These techniques demonstrate that executable content could theoretically be hidden within any file type, provided the attacker does not corrupt the structure and processing of the container format. Adopting this strategy introduces an additional layer of obfuscation because the underlying code is only revealed in memory, making detection more challenging.”

The practice of hiding malware in plain sight isn’t a new concept. However, this marks the first time that audio files have been used to spread crypto mining malware, proving just how popular cryptojacking has become. The report concluded, “Analysis revealed that the malware authors used a combination of steganography and other encoding techniques to deobfuscate and execute code. These strategies allowed attackers to conceal their executable content, making detection a challenging task.”

As CoinGeek recently reported, security researchers from Palo Alto Networks’ Unit 42 recently discovered a new cryptojacking worm which they named Graboid. Thought to be the first of its kind, the worm uses its hosts to mine Monero while spreading to other systems.