Malware hidden in a torrent of Spider-Man: No Way Home
Malicious hackers often hide malware in pirated content. Researchers from ReasonsLab found a Monero cryptominer on the torrent of a new Spider-Man movie.
Spider-Man: No Way Home hit the movie theaters in the middle of December. Some fans eager to see the film turned to illegal download sites instead of going to the theater. And for some, this decision will cost way more than just the $10 they saved on the movie.
Cybersecurity company ReasonLabs recently found that someone has placed a Monero miner in a torrent download of what seems to be the new movie Spider-Man: No Way Home.
The file identifies itself as "spiderman_net_putidomoi.torrent.exe," which translates from Russian to "spiderman_no_wayhome.torrent.exe." Researchers presume that the file most likely comes from a Russian torrenting website. This miner adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its activity.
Once installed on the victim's computer, the malware is used to mine Monero, a cryptocurrency loved by cybercriminals due to its anonymous nature.
During the last year, though, malicious cryptomining has seen a resurgence, with NTT's 2021 Global Threat Intelligence Report revealing that cryptominers have now overtaken spyware as the world's most common malware.
Cryptominers made up 41% of all detected malware in 2020 and were most widely found in Europe, the Middle East, Africa, and the Americas. The most common coinminer variant was XMRig, which infects a user's computer to mine Monero, accounting for 82% of all mining activity. Others included Cryptominer and XMR-Stak.
Often, threat actors try to slip malware into a victim's computer through phishing or injecting a script into a website or an ad. But they are also well aware that people are hunting for pirated software and content to save money. For example, cybersecurity company Sophos published a detailed report on the Racoon Stealer malware disguised as pirated software that grabs cryptocurrencies, passwords, and cookies while dropping malicious content on targeted systems.
ReasonLab researchers recommend taking extra caution when downloading content of any kind from non-official sources – whether it's a document in an email from an unknown sender, a cracked program from a fishy download portal, or a file from a torrent download.
"One easy precaution you can take is always to check that the file extension matches the file you are expecting, e.g., in this case, a movie file should end with ‘.mp4’, not ‘.exe.’ Try to gather information about the file, and always think twice before double-clicking on it. To make sure you see the real file extension, open a folder, go to ‘View’ and check ‘File name extensions.’ This will make sure you see the full file type," they said.
More from CyberNews:
Subscribe to our newsletter