Cryptomining Malware Found in Spider-Man: No Way Home Torrents

Security firm ReasonLabs is warning moviegoers that pirated copies of Spider-Man: No Way Home contain cryptomining malware.

The film is the first to gross more than $ 1 billion at the box office. But with no way yet to watch the movie at home, it has been leaked on torrent sites for the past couple of weeks.

Now ReasonLabs says it found malware used to mine Monero cryptocurrency in a file called “spiderman_net_putidomoi.torrent.exe”, – Russian for “spiderman_no_wayhome.torrent.exe”.

The origin of the file, he says, is most likely a Russian torrent site, and he hopes to find out more soon.

“While this malware does not compromise personal information (which most users fear when they think of a virus on their computer), the damage caused by a miner can be seen in the company’s electric bill. user “, explains the firm.

“This is real money that they have to pay, since the miner operates for long periods of time. Additionally, the damage can be felt on a user’s device, as minors often require use. high processor, which significantly slows down the computer. ”

The malware appears to be derived from the open source SilentXMRMiner project, available on GitHub, which has a point-and-click interface that allows for the easy creation of new miners that can work with a range of cryptocurrencies.

After the movie is downloaded, it adds exclusions to Windows Defender to stop tracking malware actions, creates persistence, and spawns a monitoring process to keep it active. He then begins mining Monero – a relatively untraceable and anonymous cryptocurrency – for the benefit of its creators.

ReasonLabs says it has found a number of different versions – “some more obscured than others” – that many types of traditional antivirus software can escape.

“We recommend that you be very careful when downloading content of any kind from unofficial sources – whether it is a document in an email from an unknown sender, a hacked program from a fish download portal or a file from a torrent download, “Solidifier says.

“A simple precaution you can take is to always check that the file extension matches the file you expect, for example in this case a video file should end with ‘.mp4’, not ‘.exe’.”

This year, cryptocurrency mining overtook spyware as the world’s most prevalent malware, with NTT’s 2021 Global Threats Report revealing that it accounted for 41% of all malware detected last year.

According to the report, while cryptominers were relatively rare in Asia, they dominated activity in Europe, the Middle East and Africa, and are used in a multitude of circumstances.

Comments are closed.