Spider-Man: No Way Home was a blockbuster in theaters worldwide, bringing back fond memories of many favorite childhood superheroes. However, those who download pirated copies of the latest Marvel movie receive more than just memories. The pirated copies come bundled with cryptocurrency mining malware, researchers have warned.
Downloading a pirated copy of Spider-Man: No Way Home from a torrent website may be an invitation to mining malware, Reason Cybersecurity researchers have warned. According to the researchers, many pirated copies of the film, which are shared across the Internet, include cryptojacking malware with the file name “spiderman_net_putidomoi.torrent.exe”.
Once the malware infects a system, it diverts the system's computing power to mining the Monero privacy coin. In a blog post, ReasonLabs researchers state that the malware “most likely came from a Russian torrent site”.
Since it is cryptojacking malware, it does not attempt to steal information from a target system. However, it dramatically increases the load on a PC’s processor to mine cryptocurrency, ultimately leading to a higher electricity bill. Researchers warn that the miner operates for long periods of time and gradually slows down an infected device.
Researchers do not yet know how many times the malware was downloaded. They do mention, however, that the malware has been around for quite some time.
The malware is not easy to detect. According to researchers, once the malware infects a system, it adds exclusions to Windows Defender. Additionally, it spawns a watchdog process to keep mining undetected on the victim's processor. The malware kills any process that shares the name of one of its components, which ensures that only one instance is running at a time.
Researchers are warning people against downloading this type of content from illegal sources. A simple precaution, the blog notes, is that users should always check the file extension to be sure what they’re downloading. For example, a video file should end with “.mp4”, not “.exe”. Users should perform a thorough check of the content they are downloading and the source they are downloading it from.
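The extension check described above can be scripted. The following is an added example, not code from the ReasonLabs blog or from this article. The extension lists and function names are assumptions chosen for illustration, and the header check goes beyond the advice in the text by also looking at the first bytes of the file.

```python
import os
import tempfile

# Assumed lists for illustration; extend them to suit your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs", ".ps1"}
DECOY_EXTS = {".mp4", ".mkv", ".avi", ".mov", ".torrent", ".txt", ".pdf"}


def name_findings(filename):
    """Flag names whose real (last) extension is executable."""
    findings = []
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    stem, last = os.path.splitext(filename.lower().rstrip(". "))
    if last in EXECUTABLE_EXTS:
        findings.append("executable extension " + last)
        inner = os.path.splitext(stem)[1]
        if inner in DECOY_EXTS:
            findings.append("decoy inner extension " + inner)
    return findings


def content_kind(path):
    """Identify a file by its leading bytes rather than by its name."""
    with open(path, "rb") as fh:
        head = fh.read(12)
    if head[:2] == b"MZ":          # DOS/PE header used by Windows executables
        return "windows-executable"
    if head[4:8] == b"ftyp":       # box type at offset 4 of an MP4 container
        return "mp4-container"
    return "unknown"


def inspect_download(path):
    """Combine the name check and the header check for one downloaded file."""
    findings = name_findings(os.path.basename(path))
    kind = content_kind(path)
    if kind == "windows-executable" and not findings:
        findings.append("executable content behind a non-executable name")
    return kind, findings


if __name__ == "__main__":
    # Constructed sample: a stub that only carries an MZ header, not real malware.
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "spiderman_net_putidomoi.torrent.exe")
        with open(sample, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62)
        print(inspect_download(sample))
```

Windows hides known file extensions by default, so a name like the one reported here can appear to end in “.torrent”; checking the name and the header programmatically avoids relying on what the file manager displays.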
With DarkWatchman, an extremely difficult-to-detect malware, the authors can likewise execute remote commands and pass valuable data back to the malicious actor. The malware is spread as a ZIP attachment in phishing emails. The ZIP file contains what appears to be a text file but is actually a disguised executable. The file is able to install the RAT and the keylogger on the target system.