The worldwide excitement around the release of ‘Spider-Man: No Way Home’ has created a perfect atmosphere for attackers to disseminate a Monero cryptominer disguised as a download of the recently released film.
According to a recent ReasonLabs alert, a torrent download of ‘Spider-Man: No Way Home’ is spreading, infected with a persistent Monero cryptominer. A user had flagged the file since it didn’t match any other suspicious files in their database. Researchers said that while they don’t know how many times the miner has been downloaded, they believe it has been in circulation for a while.
“The Spiderman malware is actually a new ‘edition’ of a previously known malware that was disguised as various popular apps in the past such as ‘windows updater,’ ‘discord app,’ and now the Spiderman movie,” ReasonLabs teams described in a report on Thursday. “This suggests that it’s been downloaded a lot.”
Researchers also said no one has yet recognized this malware variant. The cryptominer’s file name, “spiderman_net_putidomoi.torrent.exe”, translates from Russian to “spiderman_no_wayhome.torrent.exe” in English. The malware may add exclusions to Windows Defender, and it also includes a “watchdog process” for long-term stability.
According to the ReasonLabs analysis, once the cryptominer is downloaded, the victim may not realize it’s there, working in the background, pulling both power and CPU capacity. The origins of the cryptominer are still being investigated by ReasonLabs.
If it is essential to download potentially harmful content, ReasonLabs experts advised users to double-check any movie file’s file extension to ensure it ends in .mp4 rather than .exe.
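The extension check described above can be automated for a downloads folder. The following is an added example, not code from ReasonLabs or the original report; the extension lists, function names and stub sample files are assumptions constructed for illustration. It goes one step beyond the advice by also reading each file's first bytes, so a Windows executable renamed to .mp4 is flagged as well.

```python
import tempfile
from pathlib import Path

# Assumed lists for illustration; extend them to suit your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi"}
DECOY_EXTS = {".mp4", ".mkv", ".avi", ".mov", ".torrent"}


def classify_download(path):
    """Return the reasons a file looks like a disguised Windows executable."""
    suffixes = [s.lower() for s in Path(path).suffixes]
    final_ext = suffixes[-1] if suffixes else ""
    inner_ext = suffixes[-2] if len(suffixes) > 1 else ""
    reasons = []
    if final_ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + final_ext)
        if inner_ext in DECOY_EXTS:
            reasons.append("decoy inner extension " + inner_ext)
    # Heuristic: a Windows PE file starts with the bytes "MZ", whatever it is named.
    with open(path, "rb") as fh:
        if fh.read(2) == b"MZ":
            reasons.append("PE header (MZ)")
            if final_ext not in EXECUTABLE_EXTS:
                reasons.append("extension hides a PE file")
    return reasons


def scan_directory(directory):
    """Map each suspicious file name in `directory` to its reasons."""
    found = {}
    for p in sorted(Path(directory).iterdir()):
        if p.is_file() and (reasons := classify_download(p)):
            found[p.name] = reasons
    return found


def build_sample_dir():
    """Write constructed, harmless stub files (not real malware) to a temp dir."""
    d = Path(tempfile.mkdtemp())
    (d / "spiderman_no_wayhome.torrent.exe").write_bytes(b"MZ" + b"\x00" * 62)
    (d / "holiday_clip.mp4").write_bytes(b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 16)
    (d / "renamed_binary.mp4").write_bytes(b"MZ" + b"\x00" * 62)
    return d


if __name__ == "__main__":
    for name, why in scan_directory(build_sample_dir()).items():
        print(name, "->", "; ".join(why))
```

Windows Explorer hides known file extensions by default, which is why a name ending in ".torrent.exe" can pass a casual look; a check on the real file name and header bytes does not depend on that display setting.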
This incident isn’t the first time pop culture has been used to propagate malware. Some cybersecurity organizations warned last week, just before the film’s release, that hackers were exploiting the new comic book film – and its actors – as bait in a phishing effort to steal banking information.