“Spider-Man: No Way Home” pirates hit by Crypto Malware

This type of malware spreads by taking advantage of people’s desire to engage with popular media. “Spider-Man: No Way Home” is the first movie of the COVID-19 era to gross more than $1 billion at the box office, even though it’s theater-exclusive and the Omicron variant of COVID-19 is rapidly spreading. So, of course, people are going to try to pirate it.

ReasonLabs said it discovered malware used to mine the Monero cryptocurrency in a file called “spiderman_net_putidomoi.torrent.exe,” which the company translated from Russian to “spiderman_no_wayhome.torrent.exe,” leading it to believe that “the origin of the file is most likely from a Russian torrenting website.”

Highlights

  • ReasonLabs said that after it’s installed, the malware “adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its activity,” all of which is enabled via the SilentXMRMiner project. It then devotes the victim’s compute power to mining Monero for whoever created it.

  • The company said this malware derives from the SilentXMRMiner open source project that anyone can download from GitHub. The project offers a point-and-click interface that allows wannabe malware distributors to create a new miner compatible with numerous cryptocurrencies without much effort on their part.

Unfortunately, pirates can’t necessarily rely on antivirus solutions to defend against malware like this. ReasonLabs said it “encountered various compiled versions of this project, some more obfuscated than others,” which can help the malware evade signature-based detection systems. (Read: Most traditional antivirus software.)

“Although this malware does not compromise personal information (which is what most users are afraid of when thinking about a virus on their computer),” ReasonLabs said, “the damage that a miner causes can be seen in the user’s electricity bill. This is real money that they have to pay, given that the miner runs for long periods. Additionally, the damage can be felt on a user’s device as often miners require high CPU usage, which causes the computer to slow down drastically.”

The company proved its point by submitting the malware to VirusTotal, which analyzes files and URLs with more than 70 different security tools. Unfortunately, ReasonLabs said the malware wasn’t flagged as malicious by VirusTotal when it wrote its report, so the vast majority of popular antivirus solutions wouldn’t have protected anyone.

The simplest way to avoid falling victim to this malware is to refrain from pirating “Spider-Man: No Way Home.” Barring that, ReasonLabs said those who choose to sail the black seas ought to double-check what kind of file they’re downloading. There’s no reason for a movie, pirated or not, to be distributed as an executable file.
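
The file-type check recommended above, as an added example (not ReasonLabs’ code and not part of the original article): it flags a download whose name ends in an executable extension, including the double-extension pattern seen in the reported file name, or whose first bytes are a Windows PE header. The extension lists and function names are assumptions chosen for illustration.

```python
import os

# Assumed lists for illustration; extend them to match your environment.
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".ps1", ".vbs"}
MEDIA_EXTS = {".torrent", ".mkv", ".mp4", ".avi", ".mov", ".srt"}

def sniff_type(header):
    """Classify a file by its leading bytes instead of trusting its name."""
    if header[:2] == b"MZ":
        return "pe-executable"   # DOS/PE header shared by .exe, .scr, .dll
    if header[:4] == b"\x1a\x45\xdf\xa3":
        return "matroska"        # EBML magic used by .mkv and .webm
    if header[4:8] == b"ftyp":
        return "mp4"             # ISO base media file format
    if header[:4] == b"RIFF" and header[8:12] == b"AVI ":
        return "avi"
    if header[:1] == b"d" and header[1:2].isdigit():
        return "torrent"         # bencoded dictionary, e.g. d8:announce
    return "unknown"

def assess(name, header):
    """Return a list of reasons the download should not be opened."""
    findings = []
    stem, ext = os.path.splitext(name.lower())
    inner = os.path.splitext(stem)[1]   # extension hidden before the last one
    kind = sniff_type(header)
    if ext in EXEC_EXTS:
        findings.append("executable extension " + ext)
        if inner in MEDIA_EXTS:
            findings.append("double extension %s%s imitates a media file" % (inner, ext))
    if kind == "pe-executable" and ext not in EXEC_EXTS:
        findings.append("PE header behind a non-executable name")
    return findings

def assess_file(path):
    """Read only the first 16 bytes of a file on disk and assess it."""
    with open(path, "rb") as fh:
        header = fh.read(16)
    return assess(os.path.basename(path), header)

if __name__ == "__main__":
    # Constructed samples: the file name reported in the article plus made-up headers.
    samples = [
        ("spiderman_net_putidomoi.torrent.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
        ("movie.mkv", b"\x1a\x45\xdf\xa3\x01\x00\x00\x00"),
        ("movie.mp4", b"MZ\x90\x00\x03\x00\x00\x00"),
    ]
    for name, header in samples:
        print(name, "->", assess(name, header) or "no findings")
```

Windows hides known file extensions by default, so a name check like this is most useful when run on the raw file name rather than what Explorer displays.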