“Spider-miner, spider-miner, does whatever a miner can.”
The latest Spider-Man film debuted this month to rave reviews and shot up to become the first film in the pandemic era to hit $1 billion in box office. As they have always done, cybercriminals are quickly taking advantage of this popularity to target their victims. This time, they are spreading Monero mining malware disguised as pirated copies of the film on torrent sites.
The malware was discovered by New York-based cybersecurity company ReasonLabs.
We identified a Monero miner attached to a torrent download of 'Spider-Man: No Way Home.'
— ReasonLabs (@Reasonsecurity) December 23, 2021
According to the firm, the file identifies as “spiderman_net_putidomoi.torrent.exe,” which translates from Russian to “spiderman_no_wayhome.torrent.exe.” This points to Russian cybercriminals being most likely behind the malware.
The malware, which mines Monero privacy coin, adds exclusions to Windows Defender and spawns a watchdog process to maintain its activity. It uses legitimate-looking names for the files and processes it creates on the host computer to keep from detection. For instance, it claims to be by Google.
ReasonLabs found that the malware is a version of SilentXMRMiner, a Monero miner that’s available for free on GitHub. “The project offers a comfortable GUI to compile a new miner, with the relevant information per user. After the information is supplied, all that is left is to distribute the miner,” ReasonLabs revealed.
The company said that the malware is specifically designed to mine Monero and doesn’t collect personal information or cause other types of damage. However, it leads to a surge in electricity consumption as a computer mines Monero and also slows down the device.
On how they detected the malware, ReasonLabs cybersecurity experts told ZDNet that one of their users downloaded the torrent file and their security products flagged it as a new threat. They currently haven’t established how many other victims have downloaded the malware.
“The Spiderman malware is actually a new ‘edition’ of a previously known malware that was disguised as various popular apps in the past such as ‘windows updater,’ ‘discord app,’ and now the Spiderman movie. This suggests that it’s been downloaded a lot. No one else has identified this ‘edition’ of the malware,” the team added.
Watch: CoinGeek New York panel, Investigating Criminal Activity on the Blockchain
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.