People trying to download an illegal copy of “Spider-Man: No Way Home” are in for a nasty surprise: copies on “torrent” sites that link to illicit copies of movies have been found to include a persistent cryptocurrency miner as an unwanted bonus.
Detailed today by researchers at Reason Cybersecurity Ltd., the illicit copies of Spider-Man’s latest installment include a new version of a previously known form of malware. The malware, nicknamed “Spiderman”, is described as a variant of malware that had previously been disguised as popular applications such as “Windows Updater” and “Discord app”.
The cryptomining malware is capable of adding exclusions to Windows Defender. It also adds a “monitoring process” for persistence. The researchers note that on the first run, the malware kills any process named after its components to ensure that only one instance is running at any given time. The cryptomining malware then runs two new processes, called Sihost64.exe and WR64.exe.
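For defenders, the two behaviours reported above (the process names and the Windows Defender exclusions) can be checked against process-creation logs. The sketch below is an added example, not code from the researchers. It assumes events are already parsed into dictionaries with hypothetical `host`, `image` and `command_line` fields, and that exclusions are added through the Defender PowerShell cmdlets, which the article does not state. All sample events and paths are constructed.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any platform

# Process names reported in the article (compared case-insensitively).
REPORTED_NAMES = {"sihost64.exe", "wr64.exe"}
# Assumption: exclusions are added through the Defender PowerShell cmdlets.
EXCLUSION_RE = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Process|Extension)\b",
    re.IGNORECASE)

def triage(events):
    """Return {host: sorted list of indicator tags} for hosts with any hit."""
    hits = defaultdict(set)
    for ev in events:
        # Exact basename match, so the legitimate sihost.exe is not flagged.
        if basename(ev["image"]).lower() in REPORTED_NAMES:
            hits[ev["host"]].add("reported-process-name")
        if EXCLUSION_RE.search(ev["command_line"]):
            hits[ev["host"]].add("defender-exclusion-added")
    return {host: sorted(tags) for host, tags in hits.items()}

def priority(tags):
    """Both indicators on one host match the reported behaviour more closely."""
    return "high" if len(tags) >= 2 else "review"

# Constructed sample events (not taken from the research).
SAMPLE_EVENTS = [
    {"host": "pc-01", "image": r"C:\Windows\System32\sihost.exe",
     "command_line": "sihost.exe"},
    {"host": "pc-02", "image": r"C:\Users\a\AppData\Roaming\Sihost64.exe",
     "command_line": "Sihost64.exe"},
    {"host": "pc-02",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell -Command Add-MpPreference -ExclusionPath C:\\Users\\a"},
    {"host": "pc-03", "image": r"C:\Tools\WR64.EXE", "command_line": "WR64.EXE"},
    {"host": "pc-04",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell Get-MpPreference"},
]

if __name__ == "__main__":
    for host, tags in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, priority(tags), tags)
```

A name match alone is weak evidence, since file names are trivially changed; the exclusion rule also fires on legitimate administrative changes, so hits are leads for review rather than verdicts.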
“It has been extremely common for threat actors to attach cryptominers and other malware to popular torrent files for over a decade,” Jasmine Henry, director of field security at JupiterOne Inc., provider of IT asset management and governance solutions, told SiliconANGLE. “Security teams need to review their acceptable use policies and periodically remind employees that illegal peer-to-peer file sharing at home or on work devices carries some pretty nasty security risks.”
Casey Ellis, founder and CTO of crowdsourced security platform company Bugcrowd Inc., noted that “as someone who wants to implant malware, using a delivery system where users are less likely to ask for ‘tech support’ if something doesn’t look right, or even admit to peers or family that their computer might be behaving strangely, increases the chances that my malware will run first and, once it does, reduces the risk of it being discovered and deleted.”
Sean Nikkel, senior cyber threat intelligence analyst at digital risk protection firm Digital Shadows Ltd., explained that hiding a crypto miner or similar malware in an attractive file, such as the new Spider-Man movie or other hot media properties, is nothing new.
“There are probably a lot of Gen Xers and millennials who remember the days when they would download random files from strangers through Kazaa and Limewire looking for rare or free MP3 or video files and ended up with a Trojan horse or similar wickedness,” Nikkel said. “Unfortunately, the tactic has spread to the world of torrenting. There have been many cases of people downloading the wrong file, believing it to be a popular movie, TV show, or a new remix.”