"compressed .wav files"

Interesting that the malware author isn't using actual compressed audio (No idea why the Twitter poster seems to think wave files are compressed) I would assume that you'd want to transmit as little data to evade detection.