Spider-Man: No Way Home is a huge movie, which opens it up to being one of the most pirated flicks of the year.
Unfortunately for pirates, downloading copies of this movie from shady websites has made them vulnerable to a malware attack: the copies expose the downloaders’ PCs to crypto-mining malware.
Researchers from ReasonLabs, a cybersecurity firm, have deduced that the Spider-Man: No Way Home copies circulating on torrent websites carry malware that diverts the user’s PC to mining the “privacy coin” Monero.
The file in question is “spiderman_net_putidomoi.torrent.exe,” which translates from Russian to “spiderman_no_wayhome.torrent.exe” and hints at the torrent’s source: “most likely from a Russian torrenting website,” per ReasonLabs.
The crypto-mining malware also adds exclusions to the Windows Defender antivirus software and creates a “watchdog process” for persistence. Once it has killed any processes that share a name with its components, it launches two new ones, Sihost64.exe and WR64.exe. When those are up and running, the malware runs XMRig, an open-source Monero miner.
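One way to triage endpoints for the behaviour described above, added here as an example and not taken from ReasonLabs: it checks constructed process-creation events against the file and process names from the article and reports hosts where several signals coincide. The event fields, the list of media extensions, the use of the Add-MpPreference cmdlet to add exclusions, and the stratum URL pattern are assumptions that the article does not state.

```python
import re
from collections import defaultdict

# Process names taken from the article; everything else below is an assumption.
PAGE_PROCESS_NAMES = {"sihost64.exe", "wr64.exe"}
# A media/document-style extension followed by .exe, e.g. "movie.torrent.exe".
DOUBLE_EXT = re.compile(r"\.(torrent|mp4|mkv|avi|pdf|docx?)\.exe$", re.I)
# Assumption: the exclusions are added with the Add-MpPreference cmdlet.
DEFENDER_EXCL = re.compile(r"add-mppreference\b.*-exclusion(path|process|extension)", re.I)
# Assumption: miner visible by name or by a stratum pool URL on the command line.
MINER = re.compile(r"xmrig|stratum\+(tcp|ssl)://", re.I)

def basename(path):
    return re.split(r"[\\/]", path)[-1]

def classify(event):
    """Return the set of rule names that one process-creation event matches."""
    name = basename(event["image"])
    cmd = event.get("command_line", "")
    hits = set()
    if DOUBLE_EXT.search(name):
        hits.add("double_extension")
    if DEFENDER_EXCL.search(cmd):
        hits.add("defender_exclusion")
    if name.lower() in PAGE_PROCESS_NAMES:
        hits.add("named_component")
    if MINER.search(name) or MINER.search(cmd):
        hits.add("miner")
    return hits

def triage(events, threshold=2):
    """Group hits per host; report hosts where >= threshold distinct rules fired."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= classify(ev)
    return {h: sorted(r) for h, r in per_host.items() if len(r) >= threshold}

# Constructed sample events (not real telemetry); paths and hosts are made up.
SAMPLE_EVENTS = [
    {"host": "pc-01", "image": r"C:\Users\a\Downloads\spiderman_net_putidomoi.torrent.exe", "command_line": ""},
    {"host": "pc-01", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell Add-MpPreference -ExclusionPath C:\Users\a\AppData"},
    {"host": "pc-01", "image": r"C:\Users\a\AppData\Sihost64.exe", "command_line": ""},
    {"host": "pc-02", "image": r"C:\Windows\System32\sihost.exe", "command_line": ""},
    {"host": "pc-03", "image": r"C:\Tools\report.pdf.exe", "command_line": ""},
]

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, rules)
```

Requiring two distinct signals per host keeps the legitimate Windows sihost.exe and a lone double-extension file from raising an alert on their own.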
We identified a Monero miner attached to a torrent download of 'Spider-Man: No Way Home.'
— ReasonLabs (@Reasonsecurity) December 23, 2021
While the malware doesn’t steal personal information, ReasonLabs drew attention to the fact that it does exact a cost on the victim, in the form of an increased electricity bill and high CPU usage, the latter of which will noticeably slow their machine down. ReasonLabs recommends “taking extra caution when downloading the content of any kind from non-official sources – whether it’s a document in an email from an unknown sender, a cracked program from a fishy download portal, or a file from a torrent download.”
Malware of this sort, that is to say, malware that tricks users into mining crypto like this, is unfortunately a growing phenomenon. In the first half of this year, it was the most common family of malware that Trend Micro, another cybersecurity firm, detected. The firm identified nearly 75,000 instances of cryptojacking malware.
Monero has become cybercriminals’ favorite because privacy features are built into it, making it very challenging to trace.