Using a Mask: Tricking Users into Downloading the Malware
Peter Parker might not be a mastermind cryptocurrency criminal, but the name Spiderman is quickly becoming more associated with the mining landscape. ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie.
As perhaps the most talked-about movie for some time, Spiderman: No Way Home represents an excellent opportunity for hackers. It’s a chance to connect with millions of potential targets and hack into computers all around the globe. All today’s malicious actors need to do is promise their victims access to the latest movie, and they get an all-access pass to their PC.
The cryptocurrency mining malware discovered by ReasonLabs disguises itself as a torrent for the Spiderman: No Way Home movie, encouraging viewers around the world to download the file and open the computer to criminals.
Cybersecurity issues are on the rise in today’s digital world. There were around 714 million attempted ransomware attacks reported for 2021 – a 134% rise from 2020. As people spend more of their time online, both for work and entertainment, criminals are discovering new opportunities to pinpoint easy targets. One of the easiest ways for criminals to find their victims – is with the right lure.
With many viewers still unable to attend physical cinemas due to lockdown restrictions, fans of the Spiderman franchise have been keen to get their hands on the movie elsewhere. This might be why so many people chose to download the “leaked” file, identified as: spiderman_net_putidomoi.torrent.exe, when it first emerged.
According to ReasonLabs, however, this is far from the first-time criminals have tried to trick users by convincing them they’re downloading something they want.
While most people are aware of the threats associated with unknown files, criminals are excellent at making their downloads look legitimate. This specific cryptocurrency mining malware may have been around in a number of different disguises before donning the Spiderman outfit. ReasonLabs believes it has also been circulating as apps like Discord or Windows Updater.
What Does the Spiderman Malware Do?
The malware baked into the Spiderman: No Way Home torrent is not listed by VirusTotal at this time, but ReasonLabs believes it has been around for quite some time, affecting numerous users.
ReasonLabs noted they frequently see miners deploying in the disguise of common programs and files. Crypto-mining tools hidden in the files has grown increasingly popular in recent years, because they offer easy access to cash. Hiding a crypto miner in a file sure to attract a lot of attention, like a Spiderman movie, makes it easy to target as many victims as possible.
When a user downloads the file, the code adds exclusions to Windows Defender to stop you from tracking its actions, spawns watchdogs for protection and creates persistence. The overall purpose of the malware is to mine a kind of cryptocurrency called Monero (XMR) – one of the more untraceable and anonymous cryptocurrencies used frequently in the dark web.
Users afflicted by the malware may not immediately notice any change to their computer. However, as the technology draws on your CPU power, you may begin to see a reduction in speed, and problems with your overall computer functionality. Additionally, the damage is likely to eventually show up in the electricity bill too, as devices need to draw extra power for mining.
Even Spiderman Isn’t Safe
As consumers continue to spend more of their time online, malicious individuals are actively looking for new and improved ways to trick their users into downloading suspicious files. The Spiderman torrent malware is just one excellent example of this.
ReasonLabs found the malware during a routine search of the files in their substantial database. The company has collected a lot of malware data over the years, and routinely checks any files that may be identified as suspicious. After one of ReasonLabs’ users downloaded the Spiderman file, it was immediately flagged as suspicious and marked for investigation.
Currently, ReasonLabs are still in the process of actively researching where this malware came from and hope to provide some additional insights soon. In the meantime, be cautious about which spiders you trust.
The complete report by ReasonLabs
