‘No Way Home’ Pirated Downloads Contain Crypto-Mining Malware

Crypto Mining Malware

Peter Parker may not be a cryptocurrency criminal mastermind, but the name Spiderman is increasingly becoming associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity detection and prevention software, recently discovered a new form of malware making its way onto customer computers in the guise of the latest Spiderman movie.

As perhaps the most talked-about movie in some time, Spiderman: No Way Home represents an excellent opportunity for hackers. It's a chance to reach millions of potential targets and hack into computers around the world. All today's malicious actors have to do is promise their victims access to the latest movie, and they get a full-access pass to the victims' PCs.

The cryptocurrency mining malware discovered by ReasonLabs masquerades as a torrent for the movie Spiderman: No Way Home, encouraging viewers around the world to download the file and open their computers to criminals.

Wearing a mask: tricking users into downloading malicious software

Cybersecurity problems are increasing in today’s digital world. Around 714 million attempted ransomware attacks were reported by 2021, an increase of 134% over 2020. As people spend more time online, for both work and entertainment, criminals are discovering new opportunities to identify easy targets. One of the easiest ways for criminals to find their victims is with the right decoy.


With many viewers still unable to attend physical theaters due to lockdown restrictions, fans of the Spiderman franchise have been itching to get the film elsewhere. This could be why so many people chose to download the “leaked” file, identified as: spiderman_net_putidomoi.torrent.exe, when it first appeared.

However, according to ReasonLabs, this is far from the first time that criminals have tried to trick users into believing that they are downloading something they want.

While most people are aware of the threats associated with unknown files, criminals are good at making their downloads appear legitimate. This specific cryptocurrency mining malware may have existed in several different guises before donning the Spiderman suit. ReasonLabs believes that it has also been circulating in the guise of applications such as Discord or Windows Updater.

What does Spiderman malware do?

The malware embedded in the Spiderman: No Way Home torrent is not listed in VirusTotal at this time, but ReasonLabs believes it has been around for quite some time and has affected numerous users.

ReasonLabs noted that it frequently sees miners deployed in the guise of common programs and files. Crypto mining tools hidden in archives have become increasingly popular in recent years because they offer easy access to cash. Hiding a crypto miner in a file that is sure to attract a lot of attention, like a Spiderman movie, makes it easy to reach as many victims as possible.


When a user downloads the file, the code adds exclusions to Windows Defender to prevent it from tracking the malware's actions, spawns watchdogs for protection, and creates persistence. The general purpose of the malware is to mine a cryptocurrency called Monero (XMR), one of the least traceable and most anonymous cryptocurrencies, frequently used on the dark web.
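
A defender-side check for the first behavior described above, as an added example (not ReasonLabs' code and not taken from their report): it parses Microsoft Defender event ID 5007 messages for exclusion changes and lists the exclusions currently in force. The function name `Get-ExclusionChange`, the sample message and its path are constructed for illustration, and the user-writable test is a heuristic assumption.

```powershell
# Added example: triage Microsoft Defender exclusion changes. Run elevated.
function Get-ExclusionChange {
    # Parse one event 5007 message into Added/Removed exclusion records.
    param(
        [Parameter(Mandatory)][string]$Message,
        [datetime]$Time = (Get-Date)
    )
    $pattern = '(?im)^\s*(Old|New) value:\s*(?:HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE' +
               '\\Microsoft\\Windows Defender\\Exclusions\\(\w+)\\(.+?)\s*=\s*0x[0-9a-f]+\s*$'
    foreach ($m in [regex]::Matches($Message, $pattern)) {
        $target = $m.Groups[3].Value
        [pscustomobject]@{
            Time   = $Time
            Action = if ($m.Groups[1].Value -eq 'New') { 'Added' } else { 'Removed' }
            Kind   = $m.Groups[2].Value      # Paths, Processes, Extensions, ...
            Target = $target
            # Heuristic (assumption): exclusions under user-writable folders deserve a look
            UserWritable = $target -match '(?i)\\(Users|ProgramData|Windows\\Temp)\\'
        }
    }
}

# Constructed sample in the layout of a 5007 message; the excluded path is made up.
$sample = @'
Microsoft Defender Antivirus Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
    Old value:
    New value: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\alice\AppData\Roaming\example = 0x0
'@
Get-ExclusionChange -Message $sample | Format-List

# Live host: every exclusion change still present in the Defender operational log.
$filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 5007 }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ExclusionChange -Message $_.Message -Time $_.TimeCreated } |
    Sort-Object Time | Format-Table -AutoSize

# Exclusions in force right now; anything nobody can account for should be removed.
$pref = Get-MpPreference
'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension' | ForEach-Object {
    [pscustomobject]@{ Setting = $_; Values = ($pref.$_ -join '; ') }
} | Format-Table -AutoSize -Wrap
```

Event 5007 is logged for any Defender configuration change, so the match on the `Exclusions` registry key is what narrows the output to exclusion edits.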


Users affected by the malware may not immediately notice any changes to their computer. However, because the miner draws on the power of your CPU, you may start to see a reduction in speed and problems with the overall functionality of your computer. Furthermore, the damage is likely to show up on the electricity bill as well, as the device consumes additional power for mining.

Even Spiderman is not safe

As consumers continue to spend more time online, malicious people are actively looking for new and improved ways to trick users into downloading suspicious files. The Spiderman torrent malware is just one example of this.

ReasonLabs found the malware during a routine search of the files in its database. The company has collected a large amount of malware data over the years and routinely checks for any files that can be identified as suspicious. After one of the ReasonLabs users downloaded the Spiderman file, it was immediately flagged as suspicious and marked for investigation.

ReasonLabs is still actively investigating where this malware is coming from and expects to provide additional information soon. In the meantime, be careful which spiders you trust.

The full ReasonLabs report

