Beware of cryptominers when torrenting ‘Spider-Man: No Way Home’

Cybersecurity firm ReasonLabs is warning eager fans of “Spider-Man: No Way Home” to beware of cryptominers if they decide to torrent the film instead of heading to theaters for it. 

In a new report, the ReasonLabs research team says it found Monero miners attached to Russian torrent files of the new film, which has brought in more than $750 million worldwide since it debuted last week. 

The miner adds exclusions to Windows Defender, creates persistence, and spawns a watchdog process to maintain its activity, according to ReasonLabs. 

“The malware is not signed and written in .net, and as of this date, it is not present in Virus Total. The malware tries to stay away from examining eyes, by using ‘legitimate’ names for the files and processes that it creates. We recommend taking extra caution when downloading content of any kind from non-official sources — whether it’s a document in an email from an unknown sender, a cracked program from a fishy download portal, or a file from a torrent download,” the team explained. 

“One easy precaution you can take is to always check that the file extension matches the file you are expecting e.g. in this case, a movie file should end with ‘.mp4’, not ‘.exe’. Try to gather information about the file, and always think twice before double-clicking on it. To make sure you see the real file extension, open a folder, go to ‘View’ and check ‘File name extensions.’ This will make sure you see the full file type.” 
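The extension check the researchers describe can be automated over a download folder. The following is an added example, not code from ReasonLabs or the original article; the extension lists, the file names, and the `ftyp` heuristic for `.mp4` files are assumptions chosen for illustration. It flags executable and double extensions, and also reads the first bytes of each file to catch a Windows executable (`MZ` header) hiding behind a media extension.

```python
import os
import tempfile

# Assumption: illustrative extension sets, not taken from the ReasonLabs report.
MEDIA_EXTS = {".mp4", ".mkv", ".avi", ".mov"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".lnk", ".js", ".vbs"}

def classify(path):
    """Return the reasons a downloaded file is suspicious as a 'movie'."""
    reasons = []
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    name = os.path.basename(path).lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]
    with open(path, "rb") as fh:
        head = fh.read(12)
    if ext in EXEC_EXTS:
        reasons.append(f"executable extension {ext}")
        if inner_ext in MEDIA_EXTS:  # e.g. name.mp4.exe shown as name.mp4
            reasons.append(f"double extension {inner_ext}{ext}")
    elif head[:2] == b"MZ":  # PE/DOS executable magic bytes
        reasons.append("MZ header behind a non-executable extension")
    # Heuristic: MP4 files normally start with an 'ftyp' box at offset 4.
    if ext == ".mp4" and head[4:8] != b"ftyp":
        reasons.append("no 'ftyp' box at offset 4")
    return reasons

def scan(directory):
    """Map each flagged file name in the directory to its reasons."""
    findings = {}
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if entry.is_file():
            reasons = classify(entry.path)
            if reasons:
                findings[entry.name] = reasons
    return findings

def demo():
    """Scan constructed sample files (placeholder bytes, not real media or malware)."""
    samples = {
        "holiday_clip.mp4": b"\x00\x00\x00\x18ftypisom" + b"\x00" * 16,
        "movie_sample.mp4.exe": b"MZ" + b"\x00" * 62,
        "renamed_sample.mp4": b"MZ" + b"\x00" * 62,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan(tmp)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

To check a real folder, call `scan()` with its path; a clean result only means none of these heuristics fired.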

The researchers added that although the malware does not compromise personal information, cryptominers cause other kinds of damage.

The added electricity use will cost victims of the malware money, and the researchers noted that the miner runs for long periods, slowing down the device while requiring high CPU usage. 

When asked how they discovered the cryptominer, the ReasonLabs team told ZDNet that they have amassed a large malware database over the years that allows them to research the origins of samples, flag them, and cross-check with other databases such as Virus Total.

One of their users
