Hacker News

Malware embedded into audio driver is silently recording from system mic

30 points by CGMthrowaway today at 12:53 AM, 7 comments

Comments

bri3d today at 2:22 AM

I’m not sure this isn’t just some garden variety RAT that was named “audiod.exe”? The author seems kind of confused; there’s nothing driver related I can see here. They claim the malware was “injected” into a legitimate process, but the Microsoft audio graph process is “audiodg.exe”.

jml7c5 today at 2:43 AM

According to the vx-underground Twitter account, this is just Regin (which was first described in 2014): https://x.com/vxunderground/status/1995309917805179141

https://en.wikipedia.org/wiki/Regin_(malware)

jacquesm today at 2:20 AM

That's an OVH Singapore IP, did they flag this to OVH? That server should be taken offline and the contents preserved for forensics.

efilife today at 2:46 AM

I quickly skimmed through the Twitter and YouTube profiles and it's apparent that this guy has no idea of what he's talking about.

fishgoesblub today at 2:34 AM

"compressed .wav files"

Interesting that the malware author isn't using actual compressed audio (no idea why the Twitter poster seems to think wave files are compressed). I would assume that you'd want to transmit as little data as possible to evade detection.