Hackers and digital criminals are smart. They know how to ensnare today’s consumers and online browsers in their web – by grabbing their attention with the latest trends. Perhaps this is why around 714 million attempted ransomware attacks (134% more than in 2020) were recorded for 2021.
Digital access to new movies is one of the most exciting lures today’s malware minions can get their hands on. Spiderman: No Way Home is an excellent example. The movie is one of the most talked-about in the cinematic industry right now. It opened to an official $260 million in earnings, making it the second-biggest box office debut in history.
Viewers are keen to get their hands on the movie any way they can, including downloading “leaked” versions from the web. Unfortunately, many desirable files on the internet are often too good to be true. That’s what researchers from ReasonLabs discovered when they uncovered hidden crypto-mining malware threaded into the code of a torrent download for No Way Home.
Mining Cryptocurrency With Spiderman
ReasonLabs, a cybersecurity detection and prevention software company, reports that the Spiderman malware is intended to mine Monero (XMR), a kind of untraceable, anonymous cryptocurrency commonly used in the Dark Web.
Like most clever criminal files, the malware identifies as spiderman_net_putidomoi.torrent.exe, which basically translates from Russian to the no_wayhome torrent. Currently, the malware isn’t signed and written for .net, and it isn’t active in the Virus Total listings.
When a user downloads the file, assuming it’s a Spiderman torrent, the code gets to work with svchost.exe, adding exclusions to Windows Defender, spawning watchdogs to help maintain activity, and creating persistence strategies.
While you might not be able to see anything happening, the attack will instantly force your computer to start mining cryptocurrency without your knowledge. You might notice the damage in your electricity bill, as your devices draw more power to mine.
Miners also generally require high CPU usage, which means your computer functionality will likely slow down too. You might not notice anything until your PC starts to lag, and your electricity bill shoots through the roof.
How Did ReasonLabs Find The Malware?
ReasonLabs discovered the Spiderman malware (full report here) during a routine search of the files in their database. The company has an astronomical malware database and frequently comes across suspicious files during routine checks. When a suspicious file is encountered, ReasonLabs flags them and cross-checks their presence with other databases. A ReasonLabs user downloaded the Spiderman file, and it was instantly recognized by the database as a new threat.
According to ReasonLabs, it’s difficult to say for certain how many times the torrent file has been downloaded, but there’s some evidence the technology has been around for quite some time. Before masquerading as Spiderman, this malware was previously disguised as things like Discord, the Windows Updater, and so on.
ReasonLabs is now actively researching the origins of the miner and hopes to provide some additional insights to the public soon. However, there’s a good chance a number of people have already been affected by the issue.
Crypto-Miners Becoming A Major Issue
The marketplace is becoming more heavily saturated with security issues in today’s digital world, as people spend more time online. Attaching crypto-miners to blockbuster movie files isn’t exactly a new concept. It’s something miners have been using for years to try to trick people into downloading their files.
“We’re constantly seeing miners deployed in the guise of common programs, interesting files, popular apps and so on,” ReasonLabs wrote. “Crypto-miners hidden in this technology got very popular in the past few years because they offer easy money.”
Attaching malware designed for crypto-mining in the background is called “cryptojacking.” Cybercriminals attach their malware to popular files like the Spiderman film so that they can exponentially increase their crypto mining capability.
The more computing power a miner has, the more cryptocurrency they can generate. It’s much cheaper to cryptojack a bunch of computers than it is to invest in a large number of expensive crypto mining rigs.
Additionally, Trend Micro warns that the threat to cryptojacked computers goes beyond performance issues, drastically increased power consumption, and wear and tear on the affected machines. The firm said that between January 1 and June 24, 2017, its sensors detected almost 4,900 bitcoin miners that triggered over 460,000 bitcoin-mining activities. Trend Micro found that over 20% of the miners also triggered web- and network-based attacks.
Files like those promising to be torrents of Spiderman: No Way Home give hackers access to as many victims as possible for their crypto efforts by fooling them into thinking they can get their hands on something they desperately want.