Hacked No Way Home downloads contain crypto-mining malware

Peter Parker may not be a cryptocurrency criminal, but Spiderman’s name is quickly becoming more associated with the mining landscape. ReasonLabs, one of the leading providers of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customers’ computers under the guise of the latest Spiderman movie.

As perhaps the most talked-about movie in a while, Spiderman: No Way Home represents an excellent opportunity for hackers. It’s a chance to connect with millions of potential targets and hack into computers all over the world. All today’s malicious actors have to do is promise their victims access to the latest movie, and they get a full access pass to their PC.

The cryptocurrency mining malware discovered by ReasonLabs disguises itself as a torrent for the movie Spiderman: No Way Home, encouraging viewers around the world to download the file and open their computers to criminals.

Using a mask: tricking users into downloading malware

Cybersecurity issues are on the rise in today’s digital world. There were approximately 714 million attempted ransomware attacks reported for 2021 – a 134% increase compared to 2020. As people spend more time online, both for work and play, criminals are discovering new opportunities to identify soft targets. One of the easiest ways for criminals to find their victims is to use the right decoy.

With many viewers still unable to attend physical cinemas due to lockdown restrictions, fans of the Spiderman franchise have been keen to get their hands on the film elsewhere. Perhaps this is why so many people chose to download the “leaked” file, identified as: spiderman_net_putidomoi.torrent.exe, when it first appeared.

According to ReasonLabs, however, this is far from the first time that criminals have tried to trick users into believing that they are downloading something they want.

While most people are aware of the threats associated with unknown files, criminals are great at making their downloads look legitimate. This specific cryptocurrency mining malware may have existed in several different disguises before donning the Spiderman garb. ReasonLabs believes it also circulated disguised as apps like Discord or Windows Updater.

What does Spiderman malware do?

The malware embedded in the Spiderman: No Way Home torrent is not listed by VirusTotal at the moment, but ReasonLabs believes it has been around for a while, affecting many users.

ReasonLabs noted that they frequently see miners deployed in the disguise of common programs and files. Crypto-mining tools hidden inside files have become increasingly popular in recent years because they provide easy access to money. Hiding a crypto miner in a file that is sure to attract a lot of attention, like a Spiderman movie, makes it easy to target as many victims as possible.

Crypto-mining malware

When a user downloads the file, the code adds exclusions to Windows Defender to prevent the user from tracking its actions, spawns watchdog processes for protection, and establishes persistence. The overall goal of the malware is to mine a kind of cryptocurrency called Monero (XMR) – one of the most untraceable and anonymous cryptocurrencies, frequently used on the dark web.
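The Defender-exclusion step described above leaves a trace that defenders can review: Microsoft Defender records configuration changes as event 5007 in its operational log. The following is an added example, not code from ReasonLabs or its report; it assumes events have already been exported as dictionaries with `id`, `time` and `message` keys, and the sample events, the review heuristics, and the names `upd` and `BackupTool` are constructed for illustration.

```python
import re

# Defender logs configuration changes as event 5007; a new exclusion shows up
# as a registry value under ...\Windows Defender\Exclusions\<kind>\<target>.
NEW_EXCLUSION = re.compile(
    r"New value:\s*HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
    r"(Paths|Extensions|Processes)\\(.+?)\s*=\s*0x0", re.IGNORECASE)
# Assumed review heuristics, not taken from the ReasonLabs report.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
EXECUTABLE_EXTS = {"exe", "dll", "scr", "bat", "cmd", "ps1", "vbs", "js"}

def assess(kind, target):
    """Return the reasons an exclusion deserves review (empty list = none)."""
    t, reasons = target.lower(), []
    if kind == "extensions" and t.lstrip(".") in EXECUTABLE_EXTS:
        reasons.append("executable file type excluded from scanning")
    if kind in ("paths", "processes"):
        if re.fullmatch(r"[a-z]:\\?", t):
            reasons.append("entire drive excluded")
        if any(marker in t + "\\" for marker in USER_WRITABLE):
            reasons.append("target in a user-writable location")
    return reasons

def triage(events):
    """Return (time, kind, target, reasons) for each risky new exclusion."""
    findings = []
    for ev in events:
        m = NEW_EXCLUSION.search(ev["message"]) if ev["id"] == 5007 else None
        if m:
            kind, target = m.group(1).lower(), m.group(2).strip()
            reasons = assess(kind, target)
            if reasons:
                findings.append((ev["time"], kind, target, reasons))
    return findings

# Constructed sample events modelled on the 5007 message layout.
_HEAD = ("Microsoft Defender Antivirus Configuration has changed.\n"
         "\tOld value: \n\tNew value: "
         r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions")
SAMPLE_EVENTS = [
    {"time": "2021-12-20T18:02:11", "id": 5007,
     "message": _HEAD + r"\Paths\C:\Users\alice\AppData\Roaming\upd = 0x0"},
    {"time": "2021-12-20T18:02:12", "id": 5007,
     "message": _HEAD + r"\Extensions\exe = 0x0"},
    {"time": "2021-12-21T09:15:40", "id": 5007,
     "message": _HEAD + r"\Paths\C:\Program Files\BackupTool = 0x0"},
    {"time": "2021-12-21T09:20:00", "id": 2000, "message": "Definitions updated."},
]

if __name__ == "__main__":
    print(*triage(SAMPLE_EVENTS), sep="\n")
```

An exclusion that appears shortly after a user opens a freshly downloaded file, and that covers a user-writable folder or an executable extension, is worth investigating even when no detection has fired.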

Users affected by the malware may not immediately notice any changes on their computers. However, as the miner uses the power of your CPU, you may begin to see a reduction in speed and issues with the overall functionality of your computer. Additionally, the damage will likely show up on the electricity bill as well, as the device has to draw additional power for mining.

Even Spiderman is not safe

As consumers continue to spend more time online, malicious individuals are actively looking for new and improved ways to trick users into downloading suspicious files. The Spiderman torrent malware is just one prime example.

ReasonLabs found the malware during a routine search of the files in their extensive database. The company has collected a lot of malware data over the years and regularly checks any files that can be identified as suspicious. After one of ReasonLabs’ users downloaded the Spiderman file, it was immediately flagged as suspicious and marked for investigation.

Currently, ReasonLabs is still actively investigating the origin of this malware and hopes to provide additional information soon. In the meantime, be careful which spiders you trust.

The full report from ReasonLabs

Sam D. Gomez