badBIOS: The unstoppable malware that infects firmware, jumps 'Airgaps'

It's November 4th... not April 1st... someone marked the wrong date on the calendar again.
 
"No way are we technologically advanced enough to send data through sound waves."

Sarcasm aside, there's still the issue of compatibility.
 
So, it transmits data between two infected computers... Why? They're already infected thru USB, what data needs to be transmitted? Seriously...
 
I don't think anyone commenting so far really "gets" it. If this exists (and I'd be surprised if it doesn't even if this instance proves to be fake), this isn't your typical spam spewing or ransomware virus. It's more like Stuxnet. It would likely be targeted and very dangerous. And scary.

The point of the sound based communication isn't to infect a non-infected computer, it's to get data off of or on to a computer that was infected via USB, but isn't connected to the internet. If there is another infected computer that IS connected to the internet within range, it can be used to proxy the data. What types of computers are not allowed to have any access to the internet and would require this type of data transmission? Stuff you really don't want the enemy to have access to. Highly sensitive information, power grid control systems, dam control systems, financial trading systems, etc. And since they're not connected to a network, the only way to get data onto or off of these systems would be a removable device like a USB stick.

And it would be damn near undetectable. All communication between your operating system and the computer would be filtered through it. Normally it would just pass this communication unaltered to the real hardware, but it could monitor and alter anything it wanted to (memory access, data from the hard drive, network packets, keystrokes, etc) w/o any software having any way to know that it was there.

It wouldn't have to be very big, roughly the same size as the existing BIOS, even less if it just updates the parts that it wants instead of totally replacing it.

The rate of infection could be massive, and we'd have no clue since it wouldn't have any impact normally. The scariest use of something like this would be a massive cyberattack - either alone or in conjunction with a physical attack. Infected computers that were connected to the internet could be given a date and time for a coordinated attack days or weeks ahead of time. During that time those could use the sound based communication to give this date and time to any infected non-connected computers they come in range of. Only a few bytes of data, easily transmittable. At the specified time, suddenly a significant portion of the computers in the targeted country would either stop working, or would start working against the target. Including some supposedly hardened computers that control critical systems like water, power, manufacturing, traffic control, etc. Bad stuff ensues.

An extension of this could work on systems that aren't equipped w/ a microphone or speaker. Computers in close proximity (say a bunch of servers in a rack) could probably communicate without it. The transmitting computer could send by changing c-states rapidly. The generated EMF could probably be detected by the voltage sensors in nearby servers.

Anyways, I just wanted to counter the people chiming in and saying that it's not possible. It's not only very possible, I'd go so far as to say it's likely. The only questions in my mind are: who is it targeting and what's the current infection rate? Both are questions that we won't know the answers to until it's actually used.
 
Even an airgap seems to be no protection now, hard to believe this awful thing has happened but if it can then it's the worst computer related thing to happen since the first virus.
 