Hackers are using advanced obfuscation techniques to embed malware in music files. According to Cylance, strains of malware have been found embedded in WAV audio files. They appear uncorrupted and play just fine, although some generate static noise.
Once the files are downloaded or opened, malicious code containing the XMRig Monero CPU miner is executed. The malware is reported to consist of two main components, a Least Significant Bit (LSB) stenography code, and decoders to execute the worm.