Cryptomining Malware Found In Spider-Man: No Way Home Torrents

Security firm ReasonLabs is warning movie fans that pirated copies of Spider-Man: No Way Home contain cryptomining malware.

The film is the first to gross more than $1 billion at the box office. But with no way yet to watch the movie at home, it has been leaked on torrent sites over the last two weeks.

Now, ReasonLabs says it’s found malware used to mine the Monero cryptocurrency in a file called “spiderman_net_putidomoi.torrent.exe,” – Russian for “spiderman_no_wayhome.torrent.exe”.

The origin of the file, it says, is most likely a Russian torrenting website, and it hopes to discover more soon.

“Although this malware does not compromise personal information (which is what most users are afraid of when thinking about a virus on their computer), the damage that a miner causes can be seen in the user’s electricity bill,” says the firm.

“This is real money that they have to pay, given that the miner runs for long periods. Additionally, the damage can be felt on a user’s device as often miners require high CPU usage, which causes the computer to slow down drastically.”

The malware appears to be derived from the SilentXMRMiner open source project, available on GitHub, which has a point-and-click interface that allows the easy creation of new miners that can work with a range of cryptocurrencies.

Once the movie is downloaded, it adds exclusions to Windows Defender to stop the malware’s actions being tracked, creates persistence and spawns a watchdog process to maintain its activity. It then starts mining Monero – a comparatively untraceable and anonymous cryptocurrency – for its creators’ benefit.

ReasonLabs says it’s found a number of different versions – “some more obfuscated than others” – that can evade many types of traditional anti-virus software.

“We recommend taking extra caution when downloading content of any kind from non-official sources – whether it’s a document in an email from an unknown sender, a cracked program from a fishy download portal, or a file from a torrent download,” says the firm.

“One easy precaution you can take is to always check that the file extension matches the file you are expecting e.g. in this case, a movie file should end with ‘.mp4’, not ‘.exe’.”

Cryptomining this year overtook spyware as the world’s most common malware, with NTT’s 2021 Global Threat Intelligence Report finding that it accounted for 41 per cent of all malware detected last year.

According to the report, while cryptominers were relatively rare in Asia, they dominiated activity in Europe, the Middle East and Africa, and are being used in a woder and woder range of circumstances.