Spider-Man: No Way Home has been a worldwide box office success, bringing back fond memories of many people’s favourite childhood superhero. Those who obtain pirated copies of the latest Marvel film, on the other hand, receive more than just memories. Researchers have warned that the pirated copies contain cryptocurrency mining malware.
According to Reason Cybersecurity researchers, downloading a pirated copy of Spider-Man: No Way Home from a torrent website can bring mining malware with it. The researchers say that many pirated copies of the film being shared on the internet contain a cryptojacking malware called “spiderman net putidomoi.torrent.exe.”
After infecting a system, the malware successfully hijacks its computing power and redirects it to mining the privacy coin Monero. ReasonLabs researchers claim in a blog that the malware is “most likely from a Russian torrenting website.”
Because it is cryptojacking malware, it does not attempt to steal information from a target system. However, it significantly increases a PC’s CPU usage for cryptocurrency mining, resulting in an increase in the electricity bill. Researchers warn that the miner can run for extended periods of time, gradually slowing down an infected device.
The number of times the malware has been downloaded is unknown at the moment. The researchers do, however, mention that the malware has been around for a while.
The malware is difficult to detect. According to the researchers, once a system is infected, the malware adds exclusions to Windows Defender. Furthermore, it launches a watchdog process to continue untraceable mining on the victim CPU. As part of this, the malware terminates any process with the same name as one of its components, which ensures that only one instance is active at any given time.
The researchers advise people to avoid downloading such content from unauthorised sources. The blog suggests that users always check the file extension to ensure that they are downloading the correct file. A movie file, for example, should end with “.mp4” rather than “.exe.” Users should conduct a thorough examination of the content they download as well as the source from which they download it.
The perpetrators of DarkWatchman, an extremely difficult-to-detect malware that can execute remote commands and transmit valuable data to the threat actor, use a similar method of malware distribution. The malware is distributed as a ZIP attachment in phishing emails. The ZIP file contains what appears to be a text file but is actually an executable. The file has the capability of installing a RAT and a keylogger on the target system.
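The extension check the researchers recommend, and the disguised-executable case described for DarkWatchman, can be automated over a downloads folder. The following is an added example, not code from the researchers' blog; the extension lists and the function names check_download and scan_directory are assumptions made for illustration.

```python
import os

# Assumed lists for illustration; extend them to match your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}
DECOY_EXTS = {".mp4", ".mkv", ".avi", ".txt", ".pdf", ".torrent"}


def check_download(name, head=b""):
    """Return the reasons a downloaded file looks suspicious (empty list = none).

    name is the file name as downloaded; head is the first bytes of its content.
    """
    findings = []
    # Windows drops trailing dots and spaces, so normalise them before parsing.
    parts = name.lower().rstrip(". ").split(".")
    final_ext = "." + parts[-1] if len(parts) > 1 else ""
    inner_exts = {"." + p for p in parts[1:-1]}
    if final_ext in EXECUTABLE_EXTS:
        findings.append("executable extension " + final_ext)
        # A harmless-looking extension in front of the real one is a lure.
        if inner_exts & DECOY_EXTS:
            findings.append("decoy extension before " + final_ext)
    # Windows PE executables begin with the two bytes 'MZ'.
    if head[:2] == b"MZ" and final_ext not in EXECUTABLE_EXTS:
        findings.append("PE header under extension " + (final_ext or "(none)"))
    return findings


def scan_directory(path):
    """Map each suspicious file name in path to its list of findings."""
    results = {}
    for entry in os.scandir(path):
        if entry.is_file():
            with open(entry.path, "rb") as fh:
                head = fh.read(2)
            found = check_download(entry.name, head)
            if found:
                results[entry.name] = found
    return results


if __name__ == "__main__":
    # The first name is the one reported in the article; the others are constructed.
    for sample, head in [("spiderman net putidomoi.torrent.exe", b"MZ"),
                         ("movie.mp4", b"\x00\x00"), ("notes.txt", b"MZ")]:
        print(sample, "->", check_download(sample, head) or "no findings")
```

A plain text file that happens to begin with the letters "MZ" will also be flagged, so treat a header finding as a prompt to inspect the file rather than as a verdict.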