“Spider-Man: No Way Home” Downloads Contain Crypto Malware

Colin Thierry

ReasonLabs, a leading provider of cybersecurity prevention and detection software, discovered a new form of crypto-mining malware that infects users’ computers while disguised as a pirated download of “Spider-Man: No Way Home.”

ReasonLabs said that it discovered malware used for mining Monero cryptocurrency in a file called “spiderman_net_putidomoi.torrent.exe,” which the company translated from Russian to “spiderman_no_wayhome.torrent.exe.” This led ReasonLabs to believe that “the origin of the file is most likely from a Russian torrenting website.”

This type of malware spreads by capitalizing on people’s desires to pirate and engage with popular media. “Spider-Man: No Way Home” has already grossed over $1 billion at the box office, so it was a prime candidate for this sort of attack.

The company added that this malware originates from the SilentXMRMiner open source project that any person can download from GitHub. This project has a point-and-click interface that allows prospective malware distributors to easily create a new miner that’s compatible with a wide variety of cryptocurrencies.

After the malware is installed, ReasonLabs said that it “adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its activity,” which is all enabled by the SilentXMRMiner project. The malware then uses the victim’s computing power to mine Monero cryptocurrency for whoever created it.

“Although this malware does not compromise personal information (which is what most users are afraid of when thinking about a virus on their computer), the damage that a miner causes can be seen in the user’s electricity bill,” ReasonLabs said. “This is real money that they have to pay, given that the miner runs for long periods. Additionally, the damage can be felt on a user’s device as often miners require high CPU usage, which causes the computer to slow down drastically.”

Additionally, pirates can’t really depend on traditional antivirus solutions in order to defend themselves against this type of malware. ReasonLabs said that it “encountered various compiled versions of this project, some more obfuscated than others,” which can assist the malware in evading signature-based detection systems (traditional antivirus software).
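Because obfuscated builds can slip past signatures, a file-name check is a useful complementary control for the sample named above, whose name ends in “.torrent.exe”. The following is an added example, not code from ReasonLabs or the SilentXMRMiner project; the extension lists and the function name `masquerade_reasons` are assumptions chosen for illustration, and the check also covers padded names and bidirectional control characters, which go beyond the single case the article reports.

```python
import re

# Extensions Windows runs directly (assumed list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi"}
# Extensions a user expects from a harmless media download (assumed list).
DECOY_EXTS = {".torrent", ".mp4", ".mkv", ".avi", ".pdf", ".jpg", ".txt", ".srt"}
# Unicode bidirectional controls that can visually reorder a file name.
BIDI_CONTROLS = re.compile("[\u202a-\u202e\u2066-\u2069]")


def masquerade_reasons(filename: str) -> list[str]:
    """Return the reasons a file name looks like a disguised executable."""
    reasons = []
    # Keep only the last path component, for either separator style.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if BIDI_CONTROLS.search(name):
        reasons.append("bidi-control-character")
    # Normalise: drop bidi controls, trailing dots/spaces, and case.
    cleaned = BIDI_CONTROLS.sub("", name).strip().rstrip(". ").lower()
    parts = cleaned.split(".")
    if len(parts) >= 3:
        final_ext = "." + parts[-1].strip()
        decoy_ext = "." + parts[-2].strip()  # strip() handles space padding
        if final_ext in EXECUTABLE_EXTS and decoy_ext in DECOY_EXTS:
            reasons.append("decoy-double-extension")
    return reasons


if __name__ == "__main__":
    # Constructed sample names, except the first, which is from the article.
    samples = [
        "spiderman_net_putidomoi.torrent.exe",
        "holiday.jpg      .scr",
        "invoice\u202efdp.exe",
        "ubuntu-22.04.iso.torrent",
        "app.v2.exe",
    ]
    for sample in samples:
        print(repr(sample), masquerade_reasons(sample))
```
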

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.