Experts found illegal copies of Spider-Man: No Way Home on torrent sites with notorious crypto-mining malware attached to them.
Malware creators have found another new way of spreading their diabolic creations on the internet. According to a report by Reason Security, this time the attackers leveraged the popularity of Spider-Man: No Way Home. They created illicit torrent files of the movie and inserted crypto-mining malware into them.
Unsuspecting users eager to watch the movie are the primary victims of this malware. Although the malware does not steal the personal information of its victims, it puts their personal computers under a lot of strain. Since crypto mining is an energy-intensive process, the victims can also experience a surge in electricity consumption.
The “Spider-Man: No Way Home” Monero Miner
The malware, dubbed the “Spider-Miner” by Reason Security, is built to mine the Monero cryptocurrency.
According to experts, the attackers meticulously designed the malware to avoid detection. Once the malware enters the host computer, it uses a series of tricks to evade the security software on the machine.
It first adds exclusions to Windows Defender to avoid detection. It then uses a watchdog to conduct its operations.
The malware also names all of its processes so that they appear legitimate. For example, one of its services, “Service.exe”, resembles the name of a mandatory Windows process. To further enhance its detection-avoiding manoeuvres, it kills any process with the same name as its own processes. The malware does this to make sure no two instances of the same service are running at a time.
A variant of the malware “Spiderman”, the Spider-Miner begins its attack by targeting the System32 folder in the Windows directory. Reason Security says that this malware is capable of injecting its resources into another process. This means that the malware uses the address of other Windows processes to run its operations.
Readers should note that, as reported by Reason Security, the file it arrives in is named spiderman_net_putidomoi.torrent.exe. The “net_putidomoi” part of the name is Russian and translates literally to “No Way Home” in English. This probably implies that the malware originated in Russia.
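As an added example (not code from Reason Security's report or from this article), the Python sketch below flags file names built like the one above, where a content-looking extension such as .torrent is followed by an executable one. The extension lists and every sample path except the reported file name are constructed assumptions.

```python
import ntpath

# Extensions Windows will run on double-click (constructed list, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}
# Extensions a user expects from a movie download (constructed list, not exhaustive).
DECOY = {".torrent", ".mp4", ".mkv", ".avi", ".mov", ".srt", ".pdf", ".txt"}


def deceptive_extension(path):
    """Return (decoy_ext, real_ext) if the name poses as content but is executable."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = ntpath.basename(path).rstrip(". ").lower()
    stem, real = ntpath.splitext(name)
    if real not in EXECUTABLE:
        return None
    # Padding such as "movie.mp4      .exe" pushes the real extension out of view.
    _, decoy = ntpath.splitext(stem.rstrip(" "))
    return (decoy, real) if decoy in DECOY else None


def triage(paths):
    """Map each suspicious path to its (decoy, real) extension pair."""
    hits = {}
    for p in paths:
        found = deceptive_extension(p)
        if found:
            hits[p] = found
    return hits


# Constructed sample listing; only the first file name comes from the article.
SAMPLE = [
    r"C:\Users\a\Downloads\spiderman_net_putidomoi.torrent.exe",
    r"C:\Users\a\Downloads\holiday.mp4      .EXE ",
    r"C:\Users\a\Downloads\ubuntu-22.04.iso.torrent",
    r"C:\Users\a\Downloads\setup.exe",
    r"C:\Users\a\Downloads\notes.v2.txt",
]

if __name__ == "__main__":
    for path, (decoy, real) in triage(SAMPLE).items():
        print(f"{path!r}: looks like {decoy}, runs as {real}")
```

A real .torrent file and an ordinary installer are left alone; only names that pair a decoy extension with an executable one are reported.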