- A malicious cryptominer has been deployed on torrent downloads of the new record-breaking film: “Spider-Man: No Way Home”.
- The miner malware, like many others seen before, persistently feeds on user CPU power, increasing power consumption and costs.
The Marvel Studios film “Spider-Man: No Way Home” has seen record-breaking worldwide viewership among enthusiastic fans, something a malicious cryptominer seems to be taking advantage of. The film has brought in more than $750 million worldwide since it debuted last week. While others have seen it in theaters, others have chosen to torrent the film, and may now be bearing costly consequences of the same.
According to cybersecurity firm ReasonLabs, malicious players have attached Monero miners to Russian torrent files of the new film. The research team explains that the malware is hard to detect since it is not written in .net. It is also currently not available on Virus Total – a multiple virus detecting tool. Even more, the malware disguises itself by presenting authentic names for the files and processes it leaves in its wake.
The cryptominer runs for long periods, with great hunger for CPU power, the team notes. This slows down the user’s device and increases electricity consumption and costs.
Monero cryptominer exploits Spiderman’s fame
ReasonLabs says it stumbled upon the cryptominer through its large malware database which it has amassed over several years. One user happened to download the Spiderman film, at which point it got flagged by the database as a threat. Exactly the number of people that have unsuspectingly downloaded the Monero cryptominer is not known at the moment. However, the malware-attached file has been around for a while. It is also a new ‘edition’ of previous similar miners that were camouflaged as ‘windows updater,’ and ‘discord app.’ These reasons point to a likely high number of victims.
BreachQuest CTO, Jake Williams, says torrents have been used by threat actors to distribute malware long before cryptominers were a thing. He gives an example of malware that was spread in the form of Whitney Houston screensavers after the famed musician’s passing.
The team at ResearchLabs agrees, saying it is increasingly common for a malicious cryptominer to be deployed in the form of common programs, files of interest, current events, and popular apps. Often, these files are pirated, with threat actors feeding on the reduced likelihood users will seek technical support or share the matter should the files produce negative effects.
Recommended precautions
The team at ReasonLabs recommends extra caution when downloading content, especially from non-official sources. These include emails from unknown senders, cracked programs from fishy download portals, or files from a torrent download.
Additionally, file extensions should always match the type of downloaded file. “In this case, a movie file should end with ‘.mp4’, not ‘.exe’, ReasonLabs notes. Researching files before downloading them should also be a priority. The team is still researching the origin of the cryptominer.