Illegal copies of ‘Spider-Man: No Way Home’ infected with cryptocurrency mining malware – SiliconANGLE

People trying to download an illegal copy of "Spider-Man: No Way Home" will be in for a nasty surprise, as copies on torrent sites offering illicit copies of the movie were found to include a persistent cryptocurrency miner as an unwanted bonus.

Detailed today by researchers at Reason Cybersecurity Ltd., the illicit copies of the latest Spider-Man installment include a new version of a previously known form of malware. The malware, dubbed "Spiderman", is described as a variant of malware that had previously been disguised as popular applications such as "Windows Updater" and "Discord Application".

The cryptomining malware is capable of adding exclusions to Windows Defender. It also adds a "watchdog process" for persistence. The researchers note that on the first run, the malware kills any process named after its components to ensure that only one instance is running at any given time. It then runs two new processes, called Sihost64.exe and WR64.exe.
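A defender-side triage sketch for the three behaviours described above (Defender exclusions, the two process names, and a watchdog that restarts them), added here as an example and not taken from the Reason Cybersecurity research. It assumes telemetry shaped like Sysmon process-create (1) and process-terminate (5) records plus the Windows Defender configuration-change event (5007); the hosts, paths, field names and the 60-second window are constructed.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Process names reported in the article; everything else below is an assumption.
MINER_IMAGES = {"sihost64.exe", "wr64.exe"}
RESPAWN_WINDOW = 60  # seconds; assumed threshold for "the watchdog restarted it"

# Constructed sample events. Field names are simplified stand-ins for Sysmon
# process-create (1) / process-terminate (5) records and the Defender
# "configuration changed" event (5007). Paths and hosts are made up.
EVENTS = [
    {"t": 100, "host": "ws-01", "id": 5007,
     "new": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public = 0x0"},
    {"t": 130, "host": "ws-01", "id": 1, "image": r"C:\Users\Public\Sihost64.exe"},
    {"t": 131, "host": "ws-01", "id": 1, "image": r"C:\Users\Public\WR64.exe"},
    {"t": 400, "host": "ws-01", "id": 5, "image": r"C:\Users\Public\WR64.exe"},
    {"t": 412, "host": "ws-01", "id": 1, "image": r"C:\Users\Public\WR64.exe"},
    # Benign look-alike: the name differs, so it must not be flagged.
    {"t": 200, "host": "ws-02", "id": 1, "image": r"C:\Windows\System32\sihost.exe"},
]

def triage(events):
    """Return {host: sorted findings} for the behaviours the article describes."""
    findings = defaultdict(set)
    last_exit = {}  # (host, image name) -> time that process last terminated
    for ev in sorted(events, key=lambda e: e["t"]):
        host = ev["host"]
        # Behaviour 1: a new entry under Defender's Exclusions settings.
        if ev["id"] == 5007 and "\\exclusions\\" in ev["new"].lower():
            findings[host].add("defender-exclusion-added")
            continue
        name = basename(ev.get("image", "")).lower()
        if name not in MINER_IMAGES:
            continue
        if ev["id"] == 5:
            last_exit[(host, name)] = ev["t"]
        elif ev["id"] == 1:
            # Behaviour 2: one of the two named processes started.
            findings[host].add(f"miner-process:{name}")
            # Behaviour 3: it came back shortly after exiting (watchdog).
            ended = last_exit.get((host, name))
            if ended is not None and ev["t"] - ended <= RESPAWN_WINDOW:
                findings[host].add(f"watchdog-respawn:{name}")
    return {h: sorted(f) for h, f in findings.items()}

if __name__ == "__main__":
    for host, hits in triage(EVENTS).items():
        print(host, hits)
```

A host that shows an exclusion change followed by either process name is the combination worth escalating; a name match alone is weak evidence because file names are trivial to change.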

"It has been extremely common for threat actors to attach crypto miners and other malware to popular torrent files for over a decade," Jasmine Henry, director of field security at cyber asset governance and management solutions provider JupiterOne Inc., told SiliconANGLE. "Security teams should review their acceptable use policies and periodically remind employees that illegal file sharing between peers at home or on work devices carries some pretty nasty security risks."

Casey Ellis, founder and CTO of the collaborative security platform company Bugcrowd Inc., noted that "someone who wants to implant malware, using a delivery system in which users are less likely to seek 'technical support' if something seems to be wrong or even admit to their colleagues or family that their computer could be acting in a strange way, it increases the chances that my malware will run in the first place and, once it does, a lower risk of it being discovered and removed."

Sean Nikkel, senior cyber threat intelligence analyst at digital risk protection company Digital Shadows Ltd., explained that hiding a crypto miner or similar malware in an attractive file, such as the new Spider-Man movie or other popular multimedia properties, is nothing new.

"There are probably a lot of Gen Xers and millennials who remember the days of downloading random files from strangers on Kazaa and Limewire in search of rare or free MP3 or video files and ended up with a Trojan or similar evil," said Nikkel. "Unfortunately, the tactic reached the world of Torrent. There have been many instances of people downloading the wrong file, thinking it was a popular movie, TV show, or new remix."

Image: Sony / Marvel
