Pirates attempting to download illegal copies of the latest Spider-Man film are exposing their computers to crypto-mining malware.
According to researchers at cybersecurity firm ReasonLabs, copies of "Spider-Man: No Way Home" circulating on torrent sites have been packaged with malware that diverts the user's computer to mining the "privacy coin" Monero.
The affected file is named “spiderman_net_putidomoi.torrent.exe,” which translates from Russian to “spiderman_no_wayhome.torrent.exe,” hinting at the source of the torrent: "most likely from a Russian torrenting website," according to ReasonLabs.
The malware crypto miner adds exclusions to the Windows Defender antivirus software and creates a "watchdog process" for persistence. After killing any process that shares the name of its components, the malware then launches two new processes, Sihost64.exe and WR64.exe. Once up and running, the malware runs XMrig, an open-source Monero miner.
We identified a Monero miner attached to a torrent download of 'Spider-Man: No Way Home.'
Read all about it in ZDNet 👇🏼 #cryptojacking #malware #ReasonLabshttps://t.co/2eRUy0zVdp
— ReasonLabs (@Reasonsecurity) December 23, 2021
Although the malware doesn't steal personal information, ReasonLabs pointed out that it does exact a cost on the victim, in the form of increased electricity bills and high CPU usage—causing their machine to slow down. The cybersecurity firm recommended "taking extra caution when downloading content of any kind from non-official sources – whether it’s a document in an email from an unknown sender, a cracked program from a fishy download portal, or a file from a torrent download."
Basically, don't pirate movies from dodgy torrent sites.
Cryptojacking, or inserting malicious software onto an unsuspecting user's computer to mine cryptocurrency, is a growing phenomenon; in the first half of 2021, they were the most common family of malware detected by cybersecurity firm Trend Micro, which detected nearly 75,000 instances of cryptojacking malware.
Earlier this month, cybersecurity firm Sophos reported that Monero-mining malware was infecting company networks. "All of the miners we’ve seen recently are Monero miners," Sophos threat researcher Sean Gallagher told Decrypt.
Monero has become a favorite of cybercriminals because it incorporates privacy features that make it challenging to trace.
Law enforcement agencies are keen to crack the privacy coin too. Last year, the IRS awarded contracts worth $1.25 million to firms attempting to develop tools to track Monero, while in August this year, crypto intelligence firm Ciphertrace claimed to have developed a toolset for tracing Monero transactions at the behest of the U.S. Department of Homeland Security.