The long awaited Marvel movie “Spider-Man: No Way Home” is out. People trying to download an illegal copy are up for an unpleasant surprise.
Crypto Miner Hidden in the Download
Researchers at Reason Cybersecurity Ltd. found that the copies of the latest Spider-Man movie downloaded illegally from torrent sites include a new version of a previously known form of malware.
Malware Dubbed “Spiderman”
The malware, dubbed “Spiderman,” is described as a variant of malware that had previously been disguised as popular apps such as “Windows updater” and “Discord app.”
The malware crypto miner is capable of adding exclusions to Windows Defender. It also adds a “watchdog process” for persistence. The researchers note that at first run, the malware would kill any process that has the name of its components to make sure only one instance is running at a given moment. The crypto mining malware then executes two new processes, called Sihost64.exe and WR64.exe.
Cryptominers Have Become Common Practice
Threat actors have make it extremely common to attach crypto-miners to popular torrent file for more than a decade. Popular downloads is a perfect way for them to spread their malware fast and wide.
Go to a cinema, avoid malware infection 🙂
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.